
CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• http://secunia.com/advisories/39670 https://exchange.xforce.ibmcloud.com/vulnerabilities/58620
• CWE-255: Credentials Management Errors

CVSS: 7.6 | EPSS: 95% | CPEs: 2 | EXPL: 4

Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
• https://www.exploit-db.com/exploits/12614 https://www.exploit-db.com/exploits/12573 http://h07.w.interia.pl/Safari.rar http://reviews.cnet.com/8301-13727_7-20004709-263.html http://secunia.com/advisories/39670 http://securitytracker.com/id?1023958 http://www.kb.cert.org/vuls/id/943165 http://www.osvdb.org/64482 http://www.securityfocus.com/bid/39990 http://www.vupen.com/english/advisories/2010/1097 https://oval.cisecurity.org/repository/search/definition/oval%
• CWE-399: Resource Management Errors

CVSS: 4.3 | EPSS: 1% | CPEs: 2 | EXPL: 3

JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.
• https://www.exploit-db.com/exploits/12487 https://www.exploit-db.com/exploits/11838 http://www.securityfocus.com/bid/38884 http://www.securityfocus.com/data/vulnerabilities/exploits/38884.php

CVSS: 10.0 | EPSS: 93% | CPEs: 108 | EXPL: 1

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple WebKit. User interaction is required in that a target must be coerced into visiting a malicious page. The specific flaw exists within WebKit's process for destructing attribute objects via the removeChild method. If an attribute's child object is accessed after the attribute was removed from the document, an invalid pointer is referenced.
• https://www.exploit-db.com/exploits/16974 http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://news.cnet.com/8301-27080_3-20001126-245.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://securityreason.com/securityalert
• CWE-399: Resource Management Errors

CVSS: 10.0 | EPSS: 7% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Preview. User interaction is required in that a target must open a malicious file or visit a malicious page. The specific flaw exists within the routine TType1ParsingContext::SpecialEncoding() defined in libFontParser.dylib. While parsing glyphs from a PDF document, a malformed offset greater than 0x400 can result in a heap corruption which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
• http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11002504493
• CWE-94: Improper Control of Generation of Code ('Code Injection')