
CVSS: 4.3 | EPSS: 1% | CPEs: 5 | EXPL: 1

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
• https://www.exploit-db.com/exploits/30228
• http://docs.info.apple.com/article.html?artnum=305759
• http://docs.info.apple.com/article.html?artnum=306173
• http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
• http://osvdb.org/36449
• http://secunia.com/advisories/25786
• http://secunia.com/advisories/26287
• http://www.kb.cert.org/vuls/id/845708
• http://www.securityfocus.com/archive/1/472198/100/0/threaded
• http://www.securityfocus.com/bid/24598
• http://ww
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
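The entry above describes a header serializer that writes a caller-supplied value into the request without rejecting line terminators. The following is an added example, not WebCore or WebKit code: three small serializers in the style of XMLHttpRequest.setRequestHeader, the unfiltered one, an incomplete fix that only checks for the two-byte CRLF sequence (and so still passes the bare LF the advisory names), and the hardened check that current browsers apply. The header names, values and the parseHeaderBlock helper are constructed for the example.

```javascript
// Added example, not WebCore/WebKit code: three header serializers in the
// style of XMLHttpRequest.setRequestHeader, showing how an unfiltered LF lets
// a caller smuggle a second header line, and the check that prevents it.

// Vulnerable: name and value are concatenated straight into the header block.
// A value containing "\n" ends the current header and starts a new one.
function serializeHeadersUnsafe(headers) {
  return headers.map(([name, value]) => `${name}: ${value}`).join("\r\n") + "\r\n";
}

// Incomplete fix: only the two-byte CRLF sequence is rejected. A bare LF,
// the trigger the advisory names, still passes, and most servers treat it
// as a line terminator.
function serializeHeadersCrlfOnly(headers) {
  for (const [, value] of headers) {
    if (value.includes("\r\n")) throw new TypeError("CRLF in header value");
  }
  return serializeHeadersUnsafe(headers);
}

// Hardened: reject any CR, LF or NUL in the value, and restrict the name to
// RFC 7230 token characters (the rule the XHR spec applies today).
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

function serializeHeadersSafe(headers) {
  for (const [name, value] of headers) {
    if (!TOKEN_RE.test(name)) {
      throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (FORBIDDEN_IN_VALUE.test(value)) {
      throw new TypeError(`invalid header value for ${name}`);
    }
  }
  return serializeHeadersUnsafe(headers);
}

// How a receiving server sees the result: one header per line, where either
// CRLF or a bare LF ends a line. Constructed helper, not browser code.
function parseHeaderBlock(block) {
  return block
    .split(/\r?\n/)
    .filter((line) => line.length > 0)
    .map((line) => {
      const i = line.indexOf(":");
      if (i < 0) return [line.trim(), ""];
      return [line.slice(0, i).trim(), line.slice(i + 1).trim()];
    });
}

// Constructed sample input: an attacker-controlled value carrying a bare LF.
const ATTACKER_VALUE = "harmless\nX-Injected: 1";

function demo() {
  const headers = [["X-Custom", ATTACKER_VALUE]];
  console.log(parseHeaderBlock(serializeHeadersUnsafe(headers)));   // two headers
  console.log(parseHeaderBlock(serializeHeadersCrlfOnly(headers))); // still two
  try {
    serializeHeadersSafe(headers);
  } catch (e) {
    console.log("hardened serializer rejected it:", e.message);
  }
}
demo();
```

The point of the middle variant is that the line terminator a server honours is not necessarily the one the client-side check looks for; the check has to reject CR and LF individually, not the pair as a string.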

CVSS: 9.3 | EPSS: 16% | CPEs: 5 | EXPL: 0

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
• http://docs.info.apple.com/article.html?artnum=305759
• http://docs.info.apple.com/article.html?artnum=306173
• http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
• http://osvdb.org/36130
• http://osvdb.org/36450
• http://secunia.com/advisories/25786
• http://secunia.com/advisories/26287
• http://www.kb.cert.org/vuls/id/389868
• http://www.securityfocus.com/bid/24597
• http://www.securitytracker.com/id?1018281
• http://www.vupen.com/english/advisories/2007/2296

CVSS: 7.8 | EPSS: 5% | CPEs: 43 | EXPL: 0

Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
• http://ha.ckers.org/blog/20070516/read-firefox-settings-poc
• http://larholm.com/2007/05/25/firefox-0day-local-file-reading
• http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004
• http://osvdb.org/35920
• http://secunia.com/advisories/25481
• http://www.securityfocus.com/archive/1/470500/100/0/threaded
• https://bugzilla.mozilla.org/show_bug.cgi?id=367428
• https://bugzilla.mozilla.org/show_bug.cgi?id=380994
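The entry above is the classic check-before-decode ordering bug: a traversal filter that looks for "../" runs on the still-encoded path, and "..%2F" only turns into "../" after the check has passed. The following is an added example, not Firefox code: a toy resource:// path resolver in an unsafe and a hardened version, plus a small fsResolve helper that simulates how the filesystem collapses ".." segments so the escape is visible. The root directory /opt/firefox/res, the sample paths and the helper are all constructed for the example.

```javascript
// Added example, not Firefox code: a toy resource:// path resolver in two
// versions. The unsafe one checks for "../" before percent-decoding, so
// "..%2F" slips past the check and is decoded afterwards; the hardened one
// decodes first, then rejects parent segments and leftover encoding.
// RESOURCE_ROOT is a hypothetical install directory chosen for the example.
const RESOURCE_ROOT = "/opt/firefox/res";

// Vulnerable: the traversal check runs on the still-encoded path.
function resolveResourceUnsafe(uriPath) {
  if (uriPath.includes("../")) throw new Error("traversal rejected");
  const decoded = decodeURIComponent(uriPath); // "..%2F" becomes "../" here
  return `${RESOURCE_ROOT}/${decoded}`;
}

// Simulates what the filesystem does with the string above: collapse "." and
// ".." segments. Popping an empty stack stays at "/", as the kernel does.
function fsResolve(p) {
  const stack = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { stack.pop(); continue; }
    stack.push(seg);
  }
  return "/" + stack.join("/");
}

// Hardened: decode once, refuse anything that still looks encoded (a lower
// layer might decode again), refuse NUL, and refuse every ".." segment rather
// than trying to count how far it climbs.
function resolveResourceSafe(uriPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(uriPath);
  } catch (e) {
    throw new Error("malformed percent-encoding");
  }
  if (decoded.includes("%") || decoded.includes("\0")) {
    throw new Error("residual encoding or NUL rejected");
  }
  const segments = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") throw new Error("traversal rejected");
    segments.push(seg);
  }
  const resolved = `${RESOURCE_ROOT}/${segments.join("/")}`;
  // Belt and braces: the result must stay inside the root.
  if (!resolved.startsWith(`${RESOURCE_ROOT}/`)) throw new Error("escaped root");
  return resolved;
}

// Constructed sample input: the encoded dot-dot-slash sequence from the entry,
// repeated enough times to climb out of the three-component root.
const TRAVERSAL = "..%2F..%2F..%2Fetc%2Fpasswd";

function demo() {
  console.log(fsResolve(resolveResourceUnsafe(TRAVERSAL))); // /etc/passwd
  try {
    resolveResourceSafe(TRAVERSAL);
  } catch (e) {
    console.log("hardened resolver:", e.message);
  }
  console.log(resolveResourceSafe("chrome%2Fbrowser.css")); // /opt/firefox/res/chrome/browser.css
}
demo();
```

The general rule the hardened version follows is decode, then canonicalise, then check, in that order; any check applied to an encoded representation can be bypassed by an encoding the check does not anticipate, which is why it also refuses a decoded path that still contains "%".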

CVSS: 7.1 | EPSS: 1% | CPEs: 43 | EXPL: 0

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
• http://lists.apple.com/archives/security-announce/2007/May/msg00005.html
• http://secunia.com/advisories/25130
• http://www.kb.cert.org/vuls/id/434748
• http://www.osvdb.org/35575
• http://www.securityfocus.com/bid/24222
• http://www.securitytracker.com/id?1018136
• http://www.vupen.com/english/advisories/2007/1974
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34571

CVSS: 9.3 | EPSS: 2% | CPEs: 43 | EXPL: 0

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
• http://lists.apple.com/archives/security-announce/2007/May/msg00005.html
• http://secunia.com/advisories/25130
• http://secunia.com/secunia_research/2007-52/advisory
• http://www.kb.cert.org/vuls/id/995836
• http://www.osvdb.org/35576
• http://www.securityfocus.com/bid/24221
• http://www.securitytracker.com/id?1018136
• http://www.vupen.com/english/advisories/2007/1974
• CWE-264: Permissions, Privileges, and Access Controls