EUVD-2014-5648

Malware in sbrugna...

Zipcar Disruption

This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software." That didn't just mean people couldn't get ca...

media.zipcar.com XSS vulnerability

Open Bug Bounty ID: OBB-297621 Description| Value ---|--- Affected Website:| media.zipcar.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2014-5761

The Zipcar aka com.zc.android application 3.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Zipcar aka com.zc.android application 3.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5761

The CVE-2014-5761 entry concerns the Zipcar Android app (package com.zc.android) version 3.4.2, where the app does not verify X.509 certificates when connecting to SSL servers. This behavior enables man-in-the-middle attackers to spoof legitimate servers and obtain sensitive information via a cra...

CVE-2014-5761

The Zipcar aka com.zc.android application 3.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...