CVE-2010-1102
https://notcve.org/view.php?id=CVE-2010-1102
Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. Desbordamiento de entero en OmniWeb permite a atacantes remotos evitar las restricciones establecidas en los puertos de las conexiones salientes TCP a través de un número de puerto fuera del rango del tipo de dato de valor corto sin signo, como se ha demostrado con el valor 65561 para el puerto TCP 25. • http://www.securityfocus.com/archive/1/510283/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/57236 • CWE-189: Numeric Errors •
CVE-2007-0342 – Apple WebKit build 18794 - WebCore Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0342
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. WebCore en Apple WebKit construcción 18974 permite a un atacante remoto provocar denegación de servicio de un servicio (referencia null y caida de aplicación) a través del elemento TD con un gran número en el atributo ROWSPAN, como se demostró con un caida de OmniWeb 5.5.3 sobre Mac OS X 10.4.8, una vulnerabilidad diferente que la CVE-2006-2019. • https://www.exploit-db.com/exploits/29461 http://security-protocols.com/sp-x41-advisory.php http://www.securityfocus.com/bid/22059 • CWE-399: Resource Management Errors •
CVE-2007-0148 – OmniWeb 5.5.1 - JavaScript alert() Remote Format String (PoC)
https://notcve.org/view.php?id=CVE-2007-0148
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. Vulnerabilidad de formato de cadena en OmniGroup OmniWeb 5.5.1 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o ejecutar código de su elección a través de formatos específicos de cadena en la función de alerta de Javascript. • https://www.exploit-db.com/exploits/3098 http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure http://osvdb.org/31222 http://projects.info-pull.com/moab/MOAB-07-01-2007.html http://secunia.com/advisories/23624 http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt http://www.omnigroup.com/applications/omniweb/releasenotes http://www.securityfocus.com/archive/1/456578/100/0/threaded http://www.securityfocus.com/bid/21911 http://www.vupen.com •
CVE-2005-0976
https://notcve.org/view.php?id=CVE-2005-0976
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs. • http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html http://remahl.se/david/vuln/001 •
CVE-2005-0233
https://notcve.org/view.php?id=CVE-2005-0233
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://marc.info/?l=bugtraq&m=110782704923280&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-29.html http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/ •