Perli 2.6 Filter Bypass / Script Insertion
Document Title: Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1813; Release Date: 2016-04-05; Vulnerability Laboratory ID VL-ID: ...
Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability
Document Title: Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1772; Release Date: 2016-02-28; Vulnerability Laboratory ID VL-ID: ...
InstantCoder v1.0 iOS - Multiple Web Vulnerabilities
Document Title: InstantCoder v1.0 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1738; Release Date: 2016-02-22; Vulnerability Laboratory ID VL-ID: 1738...
Improper validation of certificates within the iOS application - ownCloud
The ownCloud iOS Library was vulnerable against a remotely exploitable certification problem until version 1.1.2. The vulnerable library version is used by the official ownCloud iOS client until version 3.4.4. Specifically it has been discovered that the used networking library AFNetworking is pe...
Mobile App: Improper validation of certificates within the iOS application
The ownCloud iOS Library was vulnerable against a remotely exploitable certification problem until version 1.1.2. The vulnerable library version is used by the official ownCloud iOS client until version 3.4.4. Specifically it has been discovered that the used networking library AFNetworking is pe...
Shopify: Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS
If an owner or an administrator clicks "Expire User Sessions" in Admin Site, you get the notification that all users were logged out, but this does not actually happen for the user that is currently logged in using the Shopify Application in iOS. This was tested on the latest Shopify app...
Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability
Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability -- http://www.info-sec.ca/advisories/Thycotic-SecretServer.html Overview "With the Password Manager Secret Server app, you can access passwords for an EXISTING on-premise Secret Server or Secret Server...
Shopify: Lack of SSL Pinning on POS Application ( iOS )
Description: Given that this is a POS application and handles CHD, cryptographic security is of utmost importance. Applications such as Square, Amazon's POS, etc. have already implemented this. The iOS application is correctly checking for SSL certs using the OS keychain, but due to the lack of checki...
Mobile Drive HD v1.8 - File Upload Web Vulnerability
Document Title: Mobile Drive HD v1.8 - File Upload Web Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1446; Release Date: 2015-03-11; Vulnerability Laboratory ID VL-ID: 1446...
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability
Document Title: SeasonApps iTransfer 1.1 - Persistent UI Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1347; Release Date: 2014-10-27; Vulnerability Laboratory ID VL-ID: 134...
GS Foto Uebertraeger 3.0 iOS - Local File Inclusion
Document Title: GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1325; Release Date: 2014-09-22; Vulnerability Laboratory ID VL-ID: ...
Vine iOS Mobile Application Detection
Binary data 8387.prm...
Secret: ClientId gives away platform (iOS/Android) from which a secret was posted.
In /stream API request each post contains a property named "ClientId". I suppose it's generated by client applications when user is posting a secret. It seems that iOS and Android applications generate this string quite differently: xLfLHR six random characters — iOS...
Good for Enterprise 2.2.2.1611 - XSS Vulnerability
No description provided by source. The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: An HTML email including the following payload will execute JavaScript statements when the victim opens the email using the vulnerable version. Payload: body div scriptalert'XSS Here'/script /div...
Bluetooth Photo-File Share 2.1 iOS - Multiple Vulnerabilities
Document Title: Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1270; Release Date: 2014-05-30...
AllReader 1.0 iOS - Multiple Vulnerabilities
Document Title: AllReader v1.0 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1269; Release Date: 2014-05-26; Vulnerability Laboratory ID VL-ID: 1269...
AllReader v1.0 iOS - Multiple Web Vulnerabilities
Document Title: AllReader v1.0 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1269; Release Date: 2014-05-25; Vulnerability Laboratory ID VL-ID: 1269...
Design/Logic Flaw
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...
CVE-2014-0357
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...
IRCCloud: iOS application does not destroy session upon logout.
After a user logs out of the iOS application, the server should be destroying the user's session. However, this is not occurring in the iOS application. When the log out request is made, the following request and response is sent and received from the server: REQUEST: POST /apn-unregister HTTP/1....