Page 30 of 161 results (0.020 seconds)

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 1

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos inyectar secuencias de comandos web i HTML a traves de vctores relacionados con la gestion inadecuada de los objetos "Location" y "History". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54993 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.sec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 1

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. La implementación XSLT en WebKit en Apple Safari anteriores a 4.0 no trata apropiadamente las redirecciones, lo que permite a los atacantes remotos leer contenido XML desde páginas web arbitrarias a través de documentos manipudados. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54973 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 5%CPEs: 76EXPL: 1

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." Una vulnerabilidad de uso de memoria previamente liberada en WebKit, como es usado en Safari de Apple anterior a versión 4.0, iPhone OS versiones 1.0 hasta 2.2.1, iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, Chrome de Google versión 1.0.154.53, y posiblemente otros productos, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) mediante el establecimiento de una propiedad no especificada de una etiqueta HTML que causa que los elementos secundarios se liberen y más adelante se tenga acceso cuando se produce un error HTML, relacionado con "recursion in certain DOM event handlers". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54990 http://secunia.com/advisories/35379 http://secunia.com/advisories/36057 http://secunia.com/advisories/36062 http://secunia.com/advisories/36790 http://secunia.com/advisories • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 3%CPEs: 62EXPL: 1

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0 no inicializa un puntero durante el proceso de llamada de función attr Cascading Style Sheets (CSS) con un argumento numérico largo, lo que permite a los atacantes remotos ejecutar arbitrariamente código o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de documentos HTML manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of attr() functions in a CSS content object. When a large numerical value is passed as the argument to the attr() function, a memory corruption will occur which can be leveraged to execute arbitrary coder under the context of the current user. • http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55006 http://secunia.com/advisories/35379 http://secunia.com/advisories/35588 http://secunia.com/advisories/36057 http://secunia.com/advisories/36062 http://secunia.com/advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 3%CPEs: 48EXPL: 1

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. Vulnerabilidad de uso después de la liberación en la implementación en WebKit en Apple Safari anteriores a v4.0, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) destruyendo un elemento document.body que tiene un contenedor XML no especificado con elementos que soportan el atributo dir. This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when the document.body element contains a specific XML container containing various elements supporting the 'dir' attribute. During the destruction of this element, if the rendering object responsible for the element is being removed, the application will then make a call to a method for an object that doesn't exist which can lead to code execution under the context of the current user. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55008 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022345 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/archive/1/504172/100/0/thr • CWE-399: Resource Management Errors •