The Appsflyer library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2014-09-08 http://www.kb.cert.org/vuls/id/157457 http://www.kb.cert.org/vuls/id/582497
The Tapjoy library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2014-09-08 http://www.kb.cert.org/vuls/id/123577 http://www.kb.cert.org/vuls/id/582497
The Inmobi library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2014-09-08 http://www.kb.cert.org/vuls/id/571145 http://www.kb.cert.org/vuls/id/582497
The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2014-09-08 http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/935465
The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2014-09-08 http://www.kb.cert.org/vuls/id/199345 http://www.kb.cert.org/vuls/id/582497
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. Date published :...
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. Date published : 2014-09-08...
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."...
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page. Date published : 2014-09-08 http://gerrit.ovirt.org/#/c/25987/ http://www.ovirt.org/Security_advisories
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. Date published : 2014-09-08 http://gerrit.ovirt.org/#/c/25959/ http://www.ovirt.org/Security_advisories
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. Date...
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users’ cookies via the cid parameter in an editCookies action to profile.php. Date published : 2014-09-05 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573 http://www.openwall.com/lists/oss-security/2014/08/29/5
TorrentFlux 2.4 allows remote authenticated users to obtain other users’ cookies via the cid parameter in an editCookies action to profile.php. Date published : 2014-09-05 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573 http://www.openwall.com/lists/oss-security/2014/08/29/5
Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval...