Matthew Smith

**Name of the Vulnerable Software and Affected Versions** com.Aisyaidea.HijabModern version 1.0 **Description** The issue concerns the application's failure to verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. **Recommendations** For version 1.0, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** com.wHotelRoom (aka The Hotel Room) application version 0.1 for Android **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 0.1, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** com.magzter.touriositytravelmag version 3.1 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 3.1, consider updating the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks. As a temporary workaround, restrict the use of the application on unsecured networks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Dino Zoo (aka com.tappocket.dinozoostar) version 1.5 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 1.5, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** The Herpin Time Radio (aka com.herpin.time.radio) application version 2.0 **Description** The application does not verify X.509 certificates from SSL servers, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. **Recommendations** For version 2.0, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** com.united12thman application version 2.1 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 2.1, consider disabling the use of SSL connections until a patch is available that properly verifies X.509 certificates. Restrict access to sensitive information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** com.nobexinc.wls 69685189.rc version 3.2.3 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 3.2.3, consider implementing certificate pinning or verifying X.509 certificates from SSL servers to prevent man-in-the-middle attacks. As a temporary workaround, restrict the use of sensitive information transmission until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** The Fling Gold (aka com.mbgames.fling.gold) application version 1.1.3 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 1.1.3, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** MyMetro (aka com.myrippleapps.mymetro) version 2.4.7 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 2.4.7, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** migme (aka com.projectgoth) application version 4.03.002 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 4.03.002, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** The Bond Trading (aka com.appmakr.app613309) application version 197705 for Android **Description** The application does not verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. **Recommendations** For version 197705, consider implementing proper X.509 certificate verification to prevent man-in-the-middle attacks. As a temporary workaround, restrict the application's access to sensitive information until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Crossmo Calendar application version 1.7.1 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 1.7.1, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) version 1.02 **Description** The application does not verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. **Recommendations** For version 1.02, update the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** CT iHub (aka com.concursive.ctihub) application for Android (affected versions not specified) **Description** The issue concerns the CT iHub application's failure to verify X.509 certificates from SSL servers. This oversight allows man-in-the-middle attackers to spoof servers and obtain sensitive information by using a crafted certificate. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Villa Antonia (aka com.appbuilder.u7p5019) application for Android (affected versions not specified) **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the application does not verify X.509 certificates from SSL servers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** uControl Smart Home Automation (aka de.ucontrol) version 1.2 **Description** The issue concerns the application's failure to verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. **Recommendations** For version 1.2, consider implementing proper X.509 certificate verification to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to sensitive information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** com.upasanhar.marathi.harivijay version 4.0 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 4.0, consider implementing proper X.509 certificate verification to prevent man-in-the-middle attacks. As a temporary workaround, restrict the application's access to sensitive information until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Acorn Comms (aka com.acorncomms.app) version 3.0 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 3.0, consider updating the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks. As a temporary workaround, restrict the use of sensitive information within the application until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** com.magzter.indiancementreview version 3.01 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the application does not verify X.509 certificates from SSL servers. **Recommendations** For version 3.01, consider updating the application to a version that properly verifies X.509 certificates from SSL servers to prevent man-in-the-middle attacks. As a temporary workaround, restrict the use of the application on unsecured networks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adopt O Pet (aka com.wFindAPet) version 0.1 **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the application does not verify X.509 certificates from SSL servers. **Recommendations** For Adopt O Pet (aka com.wFindAPet) version 0.1, consider implementing proper X.509 certificate verification to prevent man-in-the-middle attacks. As a temporary workaround, restrict the application's access to sensitive information until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.