CVE-2014-6721

Pharmaguideline 1.2.0 - Info Disclosure

Title source: llm

Description

The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Exploits (1)

nomisec WORKING POC

by sagisar1 · poc

https://github.com/sagisar1/CVE-2014-6721-exploit-Shellshock

View Code ZIP pw:eip

References (3)

Core 3

Core References

Various Sources x_refsource_misc

https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/819305

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/582497

Scores

EPSS 0.0100

EPSS Percentile 77.1%

Details

CWE

CWE-310

Status published

Products (1)

pharmaguideline/pharmaguideline 1.2.0

Published Sep 26, 2014

Tracked Since Feb 18, 2026