Page 250 of 1254 results (0.010 seconds)

CVSS: 10.0EPSS: 88%CPEs: 15EXPL: 1

CVE-2008-3529 – Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)

https://notcve.org/view.php?id=CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su elección al utilizar un nombre largo de entidad XML. • https://www.exploit-db.com/exploits/8798 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31855 http://secunia.com/advisories/31860 http://secunia.com/advisories/31868 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0

CVE-2008-3281 – libxml2 denial of service

https://notcve.org/view.php?id=CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.vmware.com/pipermail/security-announce/2008/000039.html http://mail.gnome.org/archives/xml/2008-August/msg00034.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31566 http://secunia.com/advisories/31590 http://secunia.com/advisories/3172 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVSS: 9.3EPSS: 9%CPEs: 60EXPL: 0

CVE-2008-2307

https://notcve.org/view.php?id=CVE-2008-2307

Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. Una vulnerabilidad no especificada en WebKit en Apple Safari anterior a la versión 3.1.2, distribuida en Mac OS X anterior a la versión 10.5.4, e independiente para Windows y Mac OS X versión 10.4, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o ejecutar código arbitrario por medio de vectores que involucra a la matriz JavaScript que desencadena una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html http://secunia.com/advisories/30775 http://secunia.com/advisories/30801 http://secunia.com/advisories/30992 http://secunia.com/advisories/31074 http://support.apple.com/kb/HT2092 http://support.apple.com/kb/HT2163 http://support.apple.com/kb/HT2165 h • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0

CVE-2008-2306

https://notcve.org/view.php?id=CVE-2008-2306

Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. Apple Safari anterior a la versión 3.1.2 en Windows no interpreta apropiadamente la configuración de zona de Internet Explorer URLACTION_SHELL_EXECUTE_HIGHRISK, que permite a los atacantes remotos omitir las restricciones de acceso previstas y forzar a un sistema cliente a descargar y ejecutar archivos arbitrarios. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://secunia.com/advisories/30775 http://www.kb.cert.org/vuls/id/127185 http://www.securityfocus.com/bid/29835 http://www.securitytracker.com/id?1020329 http://www.vupen.com/english/advisories/2008/1882/references • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 10%CPEs: 6EXPL: 0

CVE-2008-2540

https://notcve.org/view.php?id=CVE-2008-2540

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. Apple Safari en Mac OS X y en versiones anteriores a 3.1.2 en Windows, no apunta al usuario después de descargar un objeto que tiene un tipo de contenido no reconocido, lo que permite a atacantes remotos incluir malware dentro de (1) el directorio Desktop en Windows o (2) el directorio Downloads en Mac OS X, y posteriormente permite a atacantes remotos ejecutar código arbitrario en Windows aprovechando una vulnerabilidad de ruta de búsqueda no confiable en (a) Internet Explorer 7 en Windows XP o (b) la función SearchPath en Windows XP, Vista y Server 2003 y 2008, vulnerabilidad también conocida como "Carpet Bomb" y "Blended Threat Elevation of Privilege Vulnerability", un problema diferente de CVE-2008-1032. NOTA: Apple considera esto como vulnerabilidad solo porque los productos Microsoft pueden cargar bibliotecas de aplicaciones del escritorio y, como 20080619, no ha cubierto el problema en un aviso para Mac OS X. • http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx http://blogs.zdnet.com/security/?p=1230 http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://secunia.com/advisories/30467 http://securitytracker.com/id?1020150 http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html http://www.microsoft.com/technet/se • CWE-264: Permissions, Privileges, and Access Controls •