Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в приложениях для iOS
дополнено с 15 июля 2013 г.
Опубликовано:30 декабря 2013 г.
Источник:
SecurityVulns ID:13182
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные уязвимости в различных приложениях, предоставляющих удаленный доступ к данным.
Затронутые продукты:WIRELESSDISKPRO : Wireless Disk PRO 2.3
 WIFIPHOTOTRANSFE : Wifi Photo Transfer 2.1
 WIFIALBUM : Wifi Album 1.47
 WIRELESSPHOTOACC : Wireless Photo Access 1.0
 SIMPLETRANSFER : SimpleTransfer 2.2
 FILELITE : File Lite 3.3
 BLUETOOTHCHATCON : Bluetooth Chat Connect 1.0
 EFILEWIFITRANSFE : eFile Wifi Transfer Manager 1.0
 MOBILEUSBDRIVEHD : Mobile USB Drive HD 1.2
 MOBILEATLASCREAT : Mobile Atlas Creator 1.9
 EXPONENT : Exponent CMS 2.2
 FTPSPRITE : FTP Sprite 1.2
 OLIVEFILEMANAGER : Olive File Manager 1.0
 EPHOTOTRANSFER : ePhoto Transfer 1.2
 FLUXPLAYER : Flux Player 3.1
 WIFLY : WiFly 1.0
 IPIC : iPic Sharp 1.2
 PHOTOSERVER : Photo Server 2.0
 DOWNLOADLITE : Download Lite 4.3
 PRIVATEPHOTOS : Private Photos 1.0
 WEBDISK : WebDisk 3.0
 FTPONCONNECT : FTP OnConnect 1.4
 WITHU : withU Music Share 1.3
 PHOTOTRANSFERUPL : Photo Transfer Upload 1.0
 COPYTOWEBDAV : Copy to WebDAV 1.1
 METACLASSY : Byword 2.0
 HIDEPHOTOVIDEOSA : Hide Photo+Video Safe 1.6
 PHOTOTRANSFERUPW : Photo Transfer Wifi 1.4
 APPOLOGICS : AirBeam 1.9
 MYFILEEXPLORER : My File Explorer 1.3
 OLIVEOFFICE : OliveOffice Mobile Suite 2.0
 BLUETOOTHU : Bluetooth U 1.2
 PRINTNSHARE : Print n Share 5.5
 WIRELESSTRANSFER : Wireless Transfer App 3.7
 IMAGAM : Imagam iFiles 1.16
 ZIPPIYUM : Subway Ordering for California 3.4
 PHOTOVIDEOALBUMT : Photo Video Album Transfer 1.0
 PHONEDRIVEEIGHTY : Phone Drive Eightythree 4.1
 FILEMASTERSYIT : FileMaster SY-IT 3.1
 SONGEXPORTER : Song Exporter 2.1
CVE:CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements.)
 CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL.)
Оригинальный текстdocumentVulnerability Lab, Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities (30.12.2013)
 documentVulnerability Lab, Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities (30.12.2013)
 documentVulnerability Lab, FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities (30.12.2013)
 documentVulnerability Lab, Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities (30.12.2013)
 documentDaniel Wood, [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application (30.12.2013)
 documentVulnerability Lab, Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities (09.12.2013)
 documentVulnerability Lab, Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities (09.12.2013)
 documentVulnerability Lab, Print n Share v5.5 iOS - Multiple Web Vulnerabilities (09.12.2013)
 documentVulnerability Lab, My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities (09.12.2013)
 documentVulnerability Lab, OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability (09.12.2013)
 documentVulnerability Lab, Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability (09.12.2013)
 documentVulnerability Lab, Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities (09.12.2013)
 documentVulnerability Lab, Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities (09.12.2013)
 documentVulnerability Lab, Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities (03.10.2013)
 documentmario_(at)_roblest.com, CVE-2013-5118 - XSS Good for Enterprise iOS (01.10.2013)
 documentVulnerability Lab, eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability (01.10.2013)
 documentVulnerability Lab, Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities (01.10.2013)
 documentguillaume_(at)_binaryfactory.ca, [CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability (01.10.2013)
 documentVulnerability Lab, Copy to WebDAV v1.1 iOS - Multiple Web Vulnerabilities (20.08.2013)
 documentresearch_(at)_vulnerability-lab.com, Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities (20.08.2013)
 documentVulnerability Lab, withU Music Share v1.3.7 iOS - Command Inject Vulnerability (12.08.2013)
 documentFTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities, FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities (12.08.2013)
 documentVulnerability Lab, WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability (29.07.2013)
 documentVulnerability Lab, Private Photos v1.0 iOS - Persistent Path Web Vulnerability (29.07.2013)
 documentVulnerability Lab, Download Lite v4.3 iOS - Persistent File Web Vulnerability (29.07.2013)
 documentVulnerability Lab, Photo Server 2.0 iOS - Multiple Critical Vulnerabilities (29.07.2013)
 documentVulnerability Lab, iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability (29.07.2013)
 documentVulnerability Lab, Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability (19.07.2013)
 documentVulnerability Lab, WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities (19.07.2013)
 documentePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities, [email protected] (19.07.2013)
 documentePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities, ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities (19.07.2013)
 documentVulnerability Lab, Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities (17.07.2013)
 documentVulnerability Lab, FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability (17.07.2013)
 documentVulnerability Lab, eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities (15.07.2013)
 documentVulnerability Lab, Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability (15.07.2013)
 documentVulnerability Lab, Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability (15.07.2013)
 documentVulnerability Lab, Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities (15.07.2013)
 documentVulnerability Lab, Wifi Album v1.47 iOS - Command Injection Vulnerability (15.07.2013)
 documentVulnerability Lab, Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities (15.07.2013)
 documentVulnerability Lab, SimpleTransfer 2.2.1 - Command Injection Vulnerabilities (15.07.2013)
 documentVulnerability Lab, File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities (15.07.2013)
 documentVulnerability Lab, Bluetooth Chat Connect v1.0 iOS - Multiple Vulnerabilities (15.07.2013)
 documentVulnerability Lab, Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities (15.07.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород