7 matches found
EUVD-2017-4618
Malware in sbrugna...
TikTok: Subdomain Takeover via Unclaimed Amazon S3 Bucket (Musical.ly)
An unclaimed Amazon S3 bucket which no longer used for any TikTok applications and did not host any user data could have allowed a takeover on a musical.ly subdomain. We thank @daik0n for reporting this to our team...
CVE-2017-13101
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
Hardcoded credentials
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13101
CVE-2017-13101 concerns the iOS app from Musical.ly (version 6.1.6, published 2017-10-03) which uses a hard-coded encryption key. The consequence stated in the initial documents is that data stored with this key can be decrypted by anyone who can access the key, exposing sensitive information. Th...
CVE-2017-13101 Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
musical.ly - Dangerous filesystem permissions, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application musical.ly published at the 'play' market has multiple vulnerabilities...