MidnightBSD

Advisories for disney

CVE-1999-1009 LOW

The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
disney go_express_search *
CVE-2014-5606 MEDIUM

The Where's My Perry? Free (aka com.disney.WMPLite) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
disney where's_my_perry?_free 1.5.1
CVE-2014-5607 MEDIUM

The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
disney where's_my_water?_free 1.9.1
CVE-2014-5849 MEDIUM

The Maleficent Free Fall (aka com.disney.maleficent_goo) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
disney maleficent_free_fall 1.2.0