Google Play Newsstand - Apache license, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Google Play Newsstand published at the 'play' market has multiple vulnerabilities...

CVE-2014-6919

The Metalcasting Newsstand aka air.com.yudu.ReaderAIR3017071 application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Metalcasting Newsstand aka air.com.yudu.ReaderAIR3017071 application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6919

The CVE-2014-6919 entry concerns the Android app Metalcasting Newsstand (air.com.yudu.ReaderAIR3017071) , version 3.12.0 . The vulnerability is that the application does not verify X.509 certificates when connecting to SSL servers, enabling a man-in-the-middle (MITM) attacker to spoof servers and...

CVE-2014-6919

The Metalcasting Newsstand aka air.com.yudu.ReaderAIR3017071 application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Unfixed XSS vulnerability at www.thirdage.com

Security researcher Darkster, has submitted on 10/08/2007 a cross-site-scripting XSS vulnerability affecting www.thirdage.com, which at the time of submission ranked 46001 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/08/2007. It is...