Page 246 of 1351 results (0.045 seconds)

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 1

CVE-2009-1706

https://notcve.org/view.php?id=CVE-2009-1706

The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. La característica de Navegación Privada de Apple Safari anterior a v4.0 en Windows no elimina las cookies del almacenamiento de cookies alternativo en circunstancias no especificadas en relación con (1) la desactivación de la característica o (2) la salida de la aplicación, esto hace que sea más sencillo a los servidores Web remotos seguir a los usuarios mediante una cookie. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://osvdb.org/54997 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35346 http://www.vupen.com/english/advisories/2009/1522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 1

CVE-2009-1700

https://notcve.org/view.php?id=CVE-2009-1700

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. La implementación XSLT en WebKit en Apple Safari anteriores a 4.0 no trata apropiadamente las redirecciones, lo que permite a los atacantes remotos leer contenido XML desde páginas web arbitrarias a través de documentos manipudados. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54973 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 1

CVE-2009-1715

https://notcve.org/view.php?id=CVE-2009-1715

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Web Inspector en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos ayudados por por el usuario inyectar secuencias de comandos web o HTML, y leer ficheros locales, a través de vectores relacionados con la ejecución de secuencias de comandos con privilegios incorrectos. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54996 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35349 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/adv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 1

CVE-2009-1713

https://notcve.org/view.php?id=CVE-2009-1713

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. La funcionalidad XSLT en WebKit en Apple Safari anteriores a v4.0 no implementa adecuadamente la función "document", lo que permite a atacantes remotos leer (1) ficheros locales arbitrariamente (2) ficheros de diferentes zonas de seguridad a través de vectores inespecíficos. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54975 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.ubuntu.com/usn/USN-857-1 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2011/0212 https://exchange&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 1

CVE-2009-1716

https://notcve.org/view.php?id=CVE-2009-1716

CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. CFNetwork en Apple Safari anterior a v4.0 sobre Windows, no protege adecuadamente los ficheros temporales de las descargas que crea, lo que permite a usuarios locales obtener información sensible leyendo éstos archivos. • http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/35379 http://securitytracker.com/id?1022342 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35347 http://www.vupen.com/english/advisories/2009/1522 • CWE-264: Permissions, Privileges, and Access Controls •