CVE-2011-0242
https://notcve.org/view.php?id=CVE-2011-0242
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Webkit en Safari de Apple antes de v5.0.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que incluyen una URL que contiene un nombre de usuario. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4999 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-0233 – Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0233
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, como se usa en el navegaodor Safari de Apple antes de v5.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio ( corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit que figuran en APPLE-SA-2011-07-20-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0238
https://notcve.org/view.php?id=CVE-2011-0238
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit en Apple Safari anterior a v5.0.6 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente que otra WebKit CVEs listada en APPLE-SA-2011-07-20-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0218
https://notcve.org/view.php?id=CVE-2011-0218
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, empleado en Safari anterior a v5.0.6, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de APPLE-SA-2011-07-20-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0217
https://notcve.org/view.php?id=CVE-2011-0217
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. Apple Safari antes de v5.0.6 que proporciona información de autocompletar para los scripts que se ejecutan antes del envío de formularios HTML, permite a atacantes remotos obtener información de libreta de direcciones a través de un formulario manipulado, como lo demuestra un formulario que incluye campos no visibles. • http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •