158 matches found
Horizon DaaS update addresses an insecure data validation issue
a. Horizon DaaS insecure data validation Horizon DaaS contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitati...
RMI Java Deserialization RCE Vulnerability (Jun 2016) - Active Check
The remote host is affected by a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
The vulnerability of the iOS operating system, which allows a hacker to obtain the user’s email address
The vulnerability of the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain the user’s email address through a specially crafted application for the Game Center...
Design/Logic Flaw
The tweetinfo function in class/functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by...
EMC M&R multiple security vulnerabilities
Crossite scripting, insecure data storage, directory traversal, unrestricted files upload...
X (Formerly Twitter): Insecure Data Storage in Vine Android App
Hi Twitter, - Vulnerability Class:OWASP M2 : Insecure Data Storage Every application needs to store something secret, like a website username,password, cookies etc. , internal storage is the place to do it, android sandbox prevents other applications from accessing this data but,In vine android a...
Mod_Auth_OpenID Session Stealing Vulnerability
No description provided by source. https://github.com/paranoid/modauthopenid/blob/master/CVE-2012-2760.markdown Security Advisory 1201 Summary : Session stealing Date : May 2012 Affected versions : all versions prior to modauthopenid-0.7 ID : modauthopenid-1201 CVE reference : CVE-2012-2760 Detai...
[DVIA] Damn Vulnerable iOS Application
.png Damn Vulnerable iOS App DVIA is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This application covers all the common...
Test your Mobile Hacking and Penetration testing Skills with Damn vulnerable iOS app
Smartphones are powerful and popular, with more than thousands of new mobile apps hitting the market everyday. Apps and mobile devices often rely on consumers' data, including private information, photos, and location, that can be vulnerable to data breaches, surveillance and real-world thieves...
Starbucks 2.6.1 Information Disclosure
Title: CVE-2014-0647 Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application Published: January 13, 2014 Reported to Vendor: December 2013 no direct response CVE Reference: CVE-2014-0647 Credit: This issue was discovered by Daniel E. Wood...
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities
Title: CVE-2013-6986 Insecure Data Storage in Subway Ordering for California ZippyYum 3.4 iOS mobile application Published: December 7, 2013 Reported to Vendor: May 2013 CVE Reference: CVE-2013-6986 https://vulners.com/cve/CVE-2013-6986 CVSS v2 Base Score: 4.9 CVSS v2 Vector...
ZippyYum 3.4 Insecure Data Storage
Title: CVE-2013-6986 Insecure Data Storage in Subway Ordering for California ZippyYum 3.4 iOS mobile application Published: DATE Reported to Vendor: May 2013 CVE Reference: CVE-2013-6986 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6986 CVSS v2 Base Score: 4.9 CVSS v2 Vector...
Mac OS X Mail.App insecure data storage
Encrypted messages are stored in cleartext...
Множественные уязвимости в SimpleViewerAdmin
+++++++++++++++++++++++++++++++++++++++++++++++ Множественные уязвимости в SimpleViewerAdmin +++++++++++++++++++++++++++++++++++++++++++++++ Затронутые продукты: SimpleViewerAdmin v1.7, возможно и более ранние версии. +++++++++++++++++++++++++++++++++++++++++++++++ Описание: SimpleViewerAdmin - э...
BlogTorrent <= 0.92 Remote Password Disclosure Exploit
Exploit for unknown platform in category web applications ====================================================== BlogTorrent 14ae696abdca1688dd577fe486c3981f331457b0d7 Password crypt in md5 - d7b82821fe725305bded2fab9e91ed1e0e6fd93bee LazyCrsATGMailDOTcom - pjphemATmyboxDOTit FREE RAFA! FREE RAFA...
CleanCache v2.19: False Sense of Security
This is a similar if not exact problem that I found with the program Window Washer 5.x by Web Root: http://www.securityfocus.com/archive/1/372717 Publisher: ButtUglySoftware Program Description: CleanCache v.2.19 will clean up your Windows computer, such as IE cache, cookies and temp directories ...
CVE-2004-0871
Mozilla does not prevent cookies that are sent over an insecure channel HTTP from also being sent over a secure channel HTTPS/SSL in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...
Trillian 0.x IRC Module - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/5373/info A buffer overflow condition has been reported in the Trillian IRC module. The condition is due to insecure handling of data extracted from server responses. An attacker in control of a malicious server may exploit vulnerable clients who have...