Showing 1 - 25 of 34

Files from David Coomber

First Active: 2006-01-03
Last Active: 2020-07-07

Applebot Incorrect Robots.txt Interpretation
Posted Jul 7, 2020
Authored by David Coomber

Applebot/0.1 does not fully obey robots.txt as it interprets allow entries for Googlebot as implied permission for Applebot.

tags | advisory
MD5 | 8dc6a1d084972fcf46b8cdbdb06e25e0
VIPRE Password Vault 1.100.1090 Man-In-The-Middle
Posted Jul 6, 2020
Authored by David Coomber

VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.

tags | advisory
systems | ios
advisories | CVE-2020-14981
MD5 | 82d37852c91e2ee7b39bd7164fcdcea8
Sophos Secure Email Android Application 3.9.4 Man-In-The-Middle
Posted Jul 6, 2020
Authored by David Coomber

Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.

tags | advisory
advisories | CVE-2020-14980
MD5 | 0af4af6cc034077229b0fc5e55b878d0
Citytv Video Unencrypted Analytics
Posted Feb 19, 2020
Authored by David Coomber

The Citytv Video Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to third party sites (Adobe Experience Cloud, ScorecardResearch). Citytv Video Android versions 4.08.0 and below and iOS versions 3.36 and below are affected.

tags | advisory, info disclosure
systems | ios
advisories | CVE-2020-8507
MD5 | a4c54d68932b6a368bcb9f373ccb7b24
Global TV Unencrypted Analytics
Posted Feb 19, 2020
Authored by David Coomber

The Global TV Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first (CNAME to third) and third party sites (Adobe Experience Cloud, ScorecardResearch). Global TV Android versions 2.3.2 and below and iOS versions 4.7.5 and below are affected.

tags | advisory, info disclosure
systems | ios
advisories | CVE-2020-8506
MD5 | 53b85b11c7e2c82b9010d72677aa5e0d
CBC Gem Unencrypted Transit
Posted Nov 28, 2019
Authored by David Coomber

The CBC Gem Android and iOS applications (Android version 9.24.0 and below, iOS version 9.24.0 and below) send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first and third party sites (Adobe Marketing Cloud, ScorecardResearch).

tags | advisory
systems | ios
MD5 | ddf0c0125210e18aad3d55c6060e572e
Anhui Huami Mi Fit 4.0.10 Unencrypted Update Check
Posted Nov 26, 2019
Authored by David Coomber

Anhui Huami Mi Fit Android application versions 4.0.10 and below do not encrypt the connection when checking for an update.

tags | advisory
MD5 | a42279218aa424b93572cdeb05f5c02d
Texture Canada Unencrypted Third Party Analytics
Posted May 9, 2019
Authored by David Coomber | Site info-sec.ca

The Texture Canada Android and iOS applications (Android version 4.21.0.1, iOS version 5.11.6 and below) send potentially sensitive information such as number of app launches, device model, Android or iOS version and screen resolution, unencrypted to a third party site (ScorecardResearch).

tags | advisory
systems | ios
advisories | CVE-2019-8632
MD5 | 4c145fd68917e2b2d7ff8fc34cecd4f3
Cisco Common Service Platform Collector Hardcoded Credentials
Posted Mar 14, 2019
Authored by David Coomber

The Cisco Common Service Platform Collector versions 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2 contain hardcoded credentials.

tags | advisory
systems | cisco
advisories | CVE-2019-1723
MD5 | b839ff1288a335fb85a4e9618cd7250d
Qkr! With MasterPass Man-In-The-Middle
Posted Feb 5, 2019
Authored by David Coomber

Qkr! with MasterPass suffers from an SSL man-in-the-middle vulnerability. Version 5.0.8 addresses this issue.

tags | advisory
advisories | CVE-2019-6702
MD5 | 84888b6ce78bde23ac55322ff81ac951
Google Cardboard Android / iOS Applications Information Disclosure
Posted Nov 1, 2018
Authored by David Coomber | Site info-sec.ca

The Google Cardboard Android and iOS applications (Android version 1.8, iOS version 1.2 and below) send potentially sensitive information such as OS, CPU architecture, graphics chip vendor and version, CPU count, RAM, VRAM, screen size, device make and model, unencrypted to a third party site (Unity 3D Stats).

tags | advisory, info disclosure
systems | ios
MD5 | 90bd446dbfb72bbe575551b017929885
Norton Security For Mac Man-In-The-Middle
Posted Apr 27, 2018
Authored by David Coomber | Site info-sec.ca

Norton Security for Mac versions prior to 7.6 do not validate the SSL certificate they receive when connecting to the server used to download the main installer.

tags | advisory
advisories | CVE-2017-15528
MD5 | 726d633d852943cc853a2a28381f7eec
Shazam Android Unencrypted Third Party Analytics
Posted Apr 10, 2018
Authored by David Coomber | Site info-sec.ca

Shazam on Android versions 8.3.1-180206 and below disclose potentially sensitive information to third party analytics.

tags | advisory, info disclosure
MD5 | e48086085f3d65188de31f424f0becbc
Cisco Umbrella Virtual Appliance 2.1.0 Hardcoded Credentials
Posted Nov 17, 2017
Authored by David Coomber | Site info-sec.ca

Cisco Umbrella virtual appliance versions 2.1.0 and below contain undocumented hardcoded credentials which could allow an attacker to access the hypervisor console and provide persistent and unrestricted access to the virtual appliance.

tags | advisory
systems | cisco
advisories | CVE-2017-12350
MD5 | 993e3f76b4724491d5f16794bc2fb968
Cisco Umbrella Virtual Appliance 2.0.3 Undocumented Support Tunnel
Posted Oct 24, 2017
Authored by David Coomber

Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance.

tags | advisory
systems | cisco
advisories | CVE-2017-6679
MD5 | b176f5aecc3e42a73c69376a8d0395b6
Apple Support iOS Application 1.1.1 Unencrypted Third Party Analytics
Posted Oct 24, 2017
Authored by David Coomber

Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).

tags | advisory
systems | apple, ios
advisories | CVE-2017-7147
MD5 | 228b93dcbffcf65f58e7495bb25a4bb0
Apple Music Android Application Man-In-The-Middle
Posted Apr 6, 2017
Authored by David Coomber

The Apple Music Android application (version 1.2.1 and below) does not validate the SSL certificate received when connecting to the mobile application login and payment servers.

tags | advisory
systems | apple
advisories | CVE-2017-2387
MD5 | 77f6d3bf2a4d79ba1870023309aa385e
Trend Micro Enterprise Mobile Security Android Application Man-In-The-Middle
Posted Mar 30, 2017
Authored by David Coomber

The Trend Micro Enterprise Mobile Security Android application suffers from a man-in-the-middle SSL certificate vulnerability.

tags | advisory
advisories | CVE-2016-9319
MD5 | f80c525a43a419b297b0ae9bdde3471e
ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle
Posted Jan 4, 2017
Authored by David Coomber

ShoreTel Mobility Client iOS application versions 9.1.2.101 and below do not validate the SSL certificate they receive when connecting to the mobile application login server.

tags | advisory
systems | cisco, ios
advisories | CVE-2016-6562
MD5 | 504528fda2cb031d91ae4db08bcb18ed
Kaspersky Safe Browser Man-In-The-Middle
Posted Jul 29, 2016
Authored by David Coomber

Kaspersky Safe Browser suffers from a man-in-the-middle vulnerability.

tags | advisory
advisories | CVE-2016-6231
MD5 | c560a316f015bf550738b9123c203979
Acer Portal Android Application 3.9.3.2006 Man-In-The-Middle
Posted Jul 5, 2016
Authored by David Coomber

The Acer Portal Android application version 3.9.3.2006 and below, installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.

tags | advisory
advisories | CVE-2016-5648
MD5 | 18577e2af30c987e1bffc397498a8603
Trend Micro Mobile Security Man-In-The-Middle
Posted May 11, 2016
Authored by David Coomber

Trend Micro Mobile Security iOS application versions 3.1.1034 and below fail to validate the SSL certificate they receive when connecting to the mobile application login server.

tags | advisory
systems | ios
advisories | CVE-2016-3664
MD5 | 85cb234c73866b26c22a4774c83e692f
Panda SM Manager 2.0.10 Certificate Validation Fail
Posted Mar 3, 2016
Authored by David Coomber

Panda SM Manager versions 2.0.10 and below fail to verify the SSL certificate they receive when connecting to a secure site.

tags | advisory
MD5 | 99ed3f6629989317abc7b5beee211062
Dell SecureWorks iOS Certificate Validation Failure
Posted Feb 5, 2016
Authored by David Coomber

The Dell SecureWorks iOS application versions 2.0.6 and below do not validate the SSL certificate they receive when connecting to a secure site.

tags | advisory
systems | ios
MD5 | f9550c78cbd4a67f586f2d75e66cbf17
Webroot SecureAnywhere Business 1.10.316 SSL Validation
Posted Sep 6, 2015
Authored by David Coomber

Webroot SecureAnywhere Business versions 1.10.316 and below fail to validate SSL certificates.

tags | advisory
MD5 | f319bb12019f6735cf86b777290b0acf
© 2020 Packet Storm. All rights reserved.