CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6887
https://notcve.org/view.php?id=CVE-2014-6887
The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android EXPRESS (también conocido como com.gpshopper.express.android) 2.5.3 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/898329 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2168
https://notcve.org/view.php?id=CVE-2006-2168
FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. • http://securityreason.com/securityalert/835 http://www.securityfocus.com/archive/1/432728/100/0/threaded http://www.securityfocus.com/bid/17786 https://exchange.xforce.ibmcloud.com/vulnerabilities/26225 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2004-2210
https://notcve.org/view.php?id=CVE-2004-2210
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp. • http://www.maxpatrol.com/advdetails.asp?id=12 http://www.maxpatrol.com/mp_advisory.asp http://www.securityfocus.com/bid/11426 •