5 matches found
CVE-2025-12699 ZOLL ePCR iOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory
The ZOLL ePCR iOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loca...
General Motors and Shanghai OnStar iOS Client Man-in-the-Middle Attack Vulnerability
General Motors (GM) and Shanghai OnStar (SOS) iOS Client is an iOS-based application for making SOS distress calls for drivers in the event of a motor vehicle collision. A security vulnerability exists in the GM and SOS iOS Client version 7.1. The vulnerability can be exploited by an attacker to...
CVE-2017-9597
The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...
TIOD 1.3.3 For iPhone / iPod Touch Directory Traversal
Exploit Title: TIOD v1.3.3 for iPhone / iPod touch, Directory Traversal Date: 03/03/2011 Author: R3d@l3rt, H@ckk3y E-Mail : R3dal3rt.team at gmail dot com Twitter : http://twitter.com/R3dAl3rtTeam Software Link: http://itunes.apple.com/kr/app/idocmanager/id404412400?mt=8 Version: 1.3.3 Tested on:...
Firm Finds Gaping Holes in Mobile Payments Applications
eBay’s PayPal online payment division is rushing a software patch to users of its iPhone mobile payments application to plug a hole that leaves users vulnerable to man-in-the-middle and phishing attacks, but the firm that found that hole said transaction security is just one problem facing the...