MidnightBSD

Advisories for tapatalk

CVE-2014-2023 HIGH

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
tapatalk tapatalk 5.1.0
tapatalk tapatalk 1.1.2
tapatalk tapatalk 3.1.5
tapatalk tapatalk 1.1.1
tapatalk tapatalk 5.0.0
tapatalk tapatalk 3.1.3
tapatalk tapatalk 1.2.3
tapatalk tapatalk 3.9.0
tapatalk tapatalk 4.5.1
tapatalk tapatalk 4.1.0
tapatalk tapatalk 4.9.0
tapatalk tapatalk 4.3.1
tapatalk tapatalk 3.2.0
tapatalk tapatalk 4.6.0
tapatalk tapatalk 4.2.0
tapatalk tapatalk 4.4.0
tapatalk tapatalk 4.7.0
tapatalk tapatalk 4.7.2
tapatalk tapatalk 4.8.0
tapatalk tapatalk 1.0.0
tapatalk tapatalk 1.2.6
tapatalk tapatalk 5.1.3
tapatalk tapatalk 5.2.1
tapatalk tapatalk 3.9.3
tapatalk tapatalk 3.9.1
tapatalk tapatalk 4.8.1
tapatalk tapatalk 4.0.0
tapatalk tapatalk 5.0.1
tapatalk tapatalk 4.3.0
tapatalk tapatalk 3.1.4
tapatalk tapatalk 4.5.2
tapatalk tapatalk 4.7.1
tapatalk tapatalk 1.2.0
tapatalk tapatalk 5.1.2
tapatalk tapatalk 3.1.2
tapatalk tapatalk 1.2.1
tapatalk tapatalk 1.1.0
tapatalk tapatalk 5.2.0
tapatalk tapatalk 1.0.2
tapatalk tapatalk 3.9.2
tapatalk tapatalk 5.1.1
tapatalk tapatalk 4.2.1
tapatalk tapatalk 2.0
tapatalk tapatalk 4.5.0
tapatalk tapatalk 1.0.1

CVE-2014-5680 MEDIUM

The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
tapatalk tapatalk 4.8.0

CVE-2014-8869 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
tapatalk tapatalk 1.1.0
tapatalk tapatalk 1.0.2
tapatalk tapatalk 1.1.1
tapatalk tapatalk 1.0.0
tapatalk tapatalk 1.0.1

CVE-2014-8870 MEDIUM

Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
tapatalk tapatalk 1.1.0
tapatalk tapatalk 1.0.2
tapatalk tapatalk 1.1.1
tapatalk tapatalk 1.0.0
tapatalk tapatalk 1.0.1

CVE-2017-14652 HIGH

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
tapatalk tapatalk *