Page 15 of 72 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. Mail en Apple iPhone 1.1.1, al usar SSL, no avisa al usuario cuando el servidor de correo cambia o no es confiable, lo cual permite a atacantes remotos robar credenciales y leer correos electrónicos mediante un ataque de hombre en el medio (MITM, man-in-the-middle). • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38537 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25856 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36845 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. WEbKit en Apple Safari 3 Beta anterior al Update 3.0.3, y iPhone anterior a 1.0.1, no maneja adecuadamente la interacción entre el soporte para Nombres de Dominio Internacionales (International Domain Name o IDN) y las fuentes Unicode, lo cual permite a atacantes remotos crear un URL conteniendo "caracteres con apariencia similar" (homógrafos), y posiblemente realizar ataques de fraude (phishing). • http://docs.info.apple.com/article.html?artnum=306173 http://docs.info.apple.com/article.html?artnum=306174 http://isc.sans.org/diary.html?storyid=3214 http://secunia.com/advisories/26287 http://www.securityfocus.com/bid/24636 http://www.securitytracker.com/id?1018488 http://www.vupen.com/english/advisories/2007/2730 http://www.vupen.com/english/advisories/2007/2731 https://exchange.xforce.ibmcloud.com/vulnerabilities/35716 • CWE-16: Configuration CWE-59: Improper Link Resolution Before File Access ('Link Following') •