exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files from David Coomber

First Active2006-01-03
Last Active2022-10-14
Apple Music Android Application 3.10.2 Man-In-The-Middle
Posted Oct 14, 2022
Authored by David Coomber

Apple Music Android Application versions 3.8.0 through 3.10.2 suffer from a man-in-the-middle vulnerability.

tags | advisory
systems | apple
advisories | CVE-2022-32906
SHA-256 | d1ed8f7b256d2d042c0b954254d2d4024fd2465082a377d15ad7dc5f5b790f57
CIRA Canadian Shield Man-In-The-Middle
Posted Feb 23, 2021
Authored by David Coomber

The Canadian Internet Registration Authority (CIRA) Canadian Shield iOS application versions 4.0.12 and below do not validate the SSL certificate it receives when connecting to the application server.

tags | advisory
systems | ios
advisories | CVE-2021-27189
SHA-256 | 45101c457e72359c021a13cf5308d10f34eba950e27a433202de650671c113b1
A Short Tale Of Proxy Leakage
Posted Oct 22, 2020
Authored by David Coomber

A brief write up discussing disclosure of internal IPs and hostnames from Apple bots leveraging Via and X-Forwarded-For headers.

tags | paper
systems | apple
SHA-256 | b673e03e8e1aa51151d99f5859b00763aeba232a9176600740c438ec5fb79def
Applebot Incorrect Robots.txt Interpretation
Posted Jul 7, 2020
Authored by David Coomber

Applebot/0.1 does not fully obey robots.txt as it interprets allow entries for Googlebot as implied permission for Applebot.

tags | advisory
SHA-256 | 78ae053c4168117e295b49f3d21f45583932d75f34e82ed990e26f77540f353c
VIPRE Password Vault 1.100.1090 Man-In-The-Middle
Posted Jul 6, 2020
Authored by David Coomber

VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.

tags | advisory
systems | ios
advisories | CVE-2020-14981
SHA-256 | ad2b385769262f6b82c11eb32205aa58cc8946448f0a2abb7f3f31a2dd608b59
Sophos Secure Email Android Application 3.9.4 Man-In-The-Middle
Posted Jul 6, 2020
Authored by David Coomber

Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.

tags | advisory
advisories | CVE-2020-14980
SHA-256 | 564bf74464507abc31328cd13ce11650838cbcc6c851afff00c70b4726aa428c
Citytv Video Unencrypted Analytics
Posted Feb 19, 2020
Authored by David Coomber

The Citytv Video Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to third party sites (Adobe Experience Cloud, ScorecardResearch). Citytv Video Android versions 4.08.0 and below and iOS versions 3.36 and below are affected.

tags | advisory, info disclosure
systems | ios
advisories | CVE-2020-8507
SHA-256 | 69868f6b911d6cf596e7530e83a2e402a3944a8e2a68aa35eb11626d610a6c15
Global TV Unencrypted Analytics
Posted Feb 19, 2020
Authored by David Coomber

The Global TV Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first (CNAME to third) and third party sites (Adobe Experience Cloud, ScorecardResearch). Global TV Android versions 2.3.2 and below and iOS versions 4.7.5 and below are affected.

tags | advisory, info disclosure
systems | ios
advisories | CVE-2020-8506
SHA-256 | 68b4bda7e6101bdf7ea612dbb5795ddf2d158d57237f9ae419274e7ecf71f7f6
CBC Gem Unencrypted Transit
Posted Nov 28, 2019
Authored by David Coomber

The CBC Gem Android and iOS applications (Android version 9.24.0 and below, iOS version 9.24.0 and below) sends potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first and third party sites (Adobe Marketing Cloud, ScorecardResearch).

tags | advisory
systems | ios
SHA-256 | 0d3444a9cc732375e29149b598c57075ea9f0555e5ce5015c7e21c27660080f2
Anhui Huami Mi Fit 4.0.10 Unencrypted Update Check
Posted Nov 26, 2019
Authored by David Coomber

Anhui Huami Mi Fit Android application versions 4.0.10 and below does not encrypt the connection when it checks for an update.

tags | advisory
SHA-256 | e185e7156a12339d666b12c950cb9ece3e3e38a8514d9a1395d67f5123e52007
Texture Canada Unencrypted Third Party Analytics
Posted May 9, 2019
Authored by David Coomber | Site info-sec.ca

The Texture Canada Android and iOS applications (Android version 4.21.0.1, iOS version 5.11.6 and below) sends potentially sensitive information such as number of app launches, device model, Android or iOS version and screen resolution, unencrypted to a third party site (ScorecardResearch).

tags | advisory
systems | ios
advisories | CVE-2019-8632
SHA-256 | 8efefb38edf3cb8569fef8c1e4d0115eaf21dbfcc1b58e5f8cb1a093faf95a5d
Cisco Common Service Platform Collector Hardcoded Credentials
Posted Mar 14, 2019
Authored by David Coomber

The Cisco Common Service Platform Collector versions 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2 contain hardcoded credentials.

tags | advisory
systems | cisco
advisories | CVE-2019-1723
SHA-256 | 9de3cc083ddf7db43e4d74958044bd8416ed3ad485d7ce5d8ebc5ba34711b3c6
Qkr! With MasterPass Man-In-The-Middle
Posted Feb 5, 2019
Authored by David Coomber

Qkr! with MasterPass suffers from an SSL man-in-the-middle vulnerability. Version 5.0.8 addresses this issue.

tags | advisory
advisories | CVE-2019-6702
SHA-256 | 05797b1faff6dafab46b3c8075ceaa2fc5193c578b6b52cde2f50b384a64f33d
Google Cardboard Android / iOS Applications Information Disclosure
Posted Nov 1, 2018
Authored by David Coomber | Site info-sec.ca

The Google Cardboard Android and iOS applications (Android version 1.8, iOS version 1.2 and below) sends potentially sensitive information such as OS, CPU architecture, graphics chip vendor and version, CPU count, RAM, VRAM, screen size, device make and model, unencrypted to a third party site (Unity 3D Stats).

tags | advisory, info disclosure
systems | ios
SHA-256 | 42361a507af264ec429f830956d8abdd01925163d38d47dcc127b1fc891edff6
Norton Security For Mac Man-In-The-Middle
Posted Apr 27, 2018
Authored by David Coomber | Site info-sec.ca

Norton Security for Mac versions prior to 7.6 do not validate the SSL certificate it receives when connecting to the server used to download the main installer.

tags | advisory
advisories | CVE-2017-15528
SHA-256 | 3ff64c0bcea95c1c17c44f735f3bade688ca62e4289bfc78ed2b0ecb34ae3e4d
Shazam Android Unencrypted Third Party Analytics
Posted Apr 10, 2018
Authored by David Coomber | Site info-sec.ca

Shazam on Android versions 8.3.1-180206 and below disclose potentially sensitive information to third party analytics.

tags | advisory, info disclosure
SHA-256 | 7aaf8adbd9808cffa95f5a4202d80e89e9007773eb5a1b5f9c776ba84c92fe36
Cisco Umbrella Virtual Appliance 2.1.0 Hardcoded Credentials
Posted Nov 17, 2017
Authored by David Coomber | Site info-sec.ca

Cisco Umbrella virtual appliance versions 2.1.0 and below contain undocumented hardcoded credentials which could allow an attacker to access the hypervisor console and provide persistent and unrestricted access to the virtual appliance.

tags | advisory
systems | cisco
advisories | CVE-2017-12350
SHA-256 | b75df23092926396b8f5b75ae10c72733fe4fc796acb74fe704cb7c3477edf0e
Cisco Umbrella Virtual Appliance 2.0.3 Undocumented Support Tunnel
Posted Oct 24, 2017
Authored by David Coomber

Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance.

tags | advisory
systems | cisco
advisories | CVE-2017-6679
SHA-256 | 5e84ae818066bb4ac19ab58bf8766980a52ebe49a4dd880c31b67e49f4cb6e1b
Apple Support iOS Application 1.1.1 Unencrypted Third Party Analytics
Posted Oct 24, 2017
Authored by David Coomber

Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).

tags | advisory
systems | apple, ios
advisories | CVE-2017-7147
SHA-256 | b2897fa68d98d0bcdeca83e54c19b2cbffb7823e51716ff60960f9cc3e3d0cdb
Apple Music Android Application Man-In-The-Middle
Posted Apr 6, 2017
Authored by David Coomber

The Apple Music Android application (version 1.2.1 and below) does not validate the SSL certificate received when connecting to the mobile application login and payment servers.

tags | advisory
systems | apple
advisories | CVE-2017-2387
SHA-256 | 1422d48bcd8eed64fc465a014de8e359bdf5f4adb5d983d4dc5bc3f09063b2b3
Trend Micro Enterprise Mobile Security Android Application Man-In-The-Middle
Posted Mar 30, 2017
Authored by David Coomber

The Trend Micro Enterprise Mobile Security android application suffers from a man-in-the-middle SSL certificate vulnerability.

tags | advisory
advisories | CVE-2016-9319
SHA-256 | 3be0a3916b23746808c0c776f1e66acee4ee7df205c6f4e4557903bacd4c08eb
ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle
Posted Jan 4, 2017
Authored by David Coomber

ShoreTel Mobility Client iOS application versions 9.1.2.101 and below do not validate the SSL certificate they receive when connecting to the mobile application login server.

tags | advisory
systems | cisco, ios
advisories | CVE-2016-6562
SHA-256 | ab8fbad9955d47f25f7c6c769b170308f9e0a2f2b792f80b59387dd470dc7304
Kaspersky Safe Browser Man-In-The-Middle
Posted Jul 29, 2016
Authored by David Coomber

Kaspersky Safe Browser suffers from a man-in-the-middle vulnerability.

tags | advisory
advisories | CVE-2016-6231
SHA-256 | a69e867e6dee8c1addf7cdbb8600769155deaea15c494c95c4cc860666908b3e
Acer Portal Android Application 3.9.3.2006 Man-In-The-Middle
Posted Jul 5, 2016
Authored by David Coomber

The Acer Portal Android application version 3.9.3.2006 and below, installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.

tags | advisory
advisories | CVE-2016-5648
SHA-256 | e41d65b401922a36dd4fd36af2a4b2b250969e944b8ae92cf0e117d652041d1b
Trend Micro Mobile Security Man-In-The-Middle
Posted May 11, 2016
Authored by David Coomber

Trend Micro Mobile Security iOS application versions 3.1.1034 and below fail to validate the SSL certificate it receives when connecting to the mobile application login server.

tags | advisory
systems | ios
advisories | CVE-2016-3664
SHA-256 | e551b1880ff922cd6c0047e14ee549c65dcc283403e2bdbf2f66d2992a0517bc
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close