| OSVDB ID | Disclosure Date | Title |
|---|
|
82563
Description:
Microsoft Visual Studio is prone to an overflow condition. The WebViewFolderIcon ActiveX control, MSCOMM32.OCX, fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted HTML document, a context-dependent attacker can potentially execute arbitrary code.
|
2009-06-09
|
Microsoft Visual Studio WebViewFolderIcon ActiveX (MSCOMM32.OCX) Overflow
|
|
54972
Description:
(Description Provided by CVE) : The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
|
2009-06-08
|
Apple Safari WebKit XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
|
|
54981
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
|
2009-06-08
|
Apple Safari WebKit Same-origin Policy Bypass Subframe Positioning Clickjacking
|
|
54982
Description:
(Description Provided by CVE) : Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
|
2009-06-08
|
Apple Safari Extended Validation (EV) Certificate Revocation Check Bypass
|
|
54987
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
|
2009-06-08
|
Apple Safari WebKit JavaScript Context Splitting Event Handler Subsequent Frame XSS
|
|
54983
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
|
2009-06-08
|
Apple Safari WebKit JavaScript Contexts Separation XSS
|
|
54985
Description:
(Description Provided by CVE) : The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
|
2009-06-08
|
Apple Safari WebKit JavaScript Garbage Collector Allocation Failure NULL Pointer Arbitrary Code Execution
|
|
54986
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."
|
2009-06-08
|
Apple Safari WebKit Script Security Context Association Implementation Failure Unspecified XSS
|
|
54988
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.
|
2009-06-08
|
Apple Safari WebKit about:blank Security Context Race Condition XSS
|
|
54989
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.
|
2009-06-08
|
Apple Safari WebKit Cross-Domain JavaScript Prototype XSS
|
|
55004
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."
|
2009-06-08
|
Apple Safari WebKit Crafted Canvas SVG Cross-site Image Capture
|
|
55005
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
|
2009-06-08
|
Apple Safari WebKit Canvas Redirect Cross-site Image Disclosure
|
|
54991
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.
|
2009-06-08
|
Apple Safari WebKit Page Transition Frame Content Access XSS
|
|
55027
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
|
2009-06-08
|
Apple Safari WebKit JavaScript Application RNG Prediction Weakness
|
|
54992
Description:
(Description Provided by CVE) : CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.
|
2009-06-08
|
Apple Safari WebKit XMLHttpRequest Header Handling CRLF Injection
|
|
55006
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
|
2009-06-08
|
Apple iPhone / Safari WebKit CSS attr() Function Uninitialized Pointer Issue Arbitrary Code Execution
|
|
55008
Description:
(Description Provided by CVE) : Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.
|
2009-06-08
|
Apple Safari WebKit JavaScript dir Attribute DOM Handling Use-after-free Arbitrary Code Execution
|
|
54993
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
|
2009-06-08
|
Apple Safari WebKit Location / History Objects XSS
|
|
55009
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.
|
2009-06-08
|
Apple Safari WebKit Audio / Video HTML Element Handling Information Disclosure
|
|
55010
Description:
(Description Provided by CVE) : CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.
|
2009-06-08
|
Apple Safari CFNetwork Image File Content Type Handling XSS
|
|
54997
Description:
Apple Safari contains a flaw in the implementation of the "Private Browsing" feature that may lead to an unauthorized information disclosure. The issue is triggered when a private browsing session is ended, and all cookies from the browsing session are not deleted, which will disclose sensitive information resulting in a loss of confidentiality.
|
2009-06-08
|
Apple Safari Private Browsing Cookie Removal Weakness Information Disclosure
|
|
55012
Description:
(Description Provided by CVE) : Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
|
2009-06-08
|
Apple Safari on Windows Reset Safari Implementation Stored Web Password Persistence
|
|
55011
Description:
(Description Provided by CVE) : Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
|
2009-06-08
|
Apple Safari open-help-anchor URL Handler Arbitrary Local Help File Inclusion
|
|
55013
Description:
(Description Provided by CVE) : Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
|
2009-06-08
|
Apple Safari WebKit SVG Animation Element Set.targetElement() Use-after-free Arbitrary Code Execution
|
|
55014
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
|
2009-06-08
|
Apple Safari WebKit Transparent Custom Cursor / CSS3 Hotspot Browser UI Element Spoofing
|
|
55015
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
|
2009-06-08
|
Apple Safari WebKit Attr DOM Object Handling Arbitrary Code Execution
|
|
55022
Description:
(Description Provided by CVE) : WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
|
2009-06-08
|
Apple Safari WebKit Arbitrary Local Java Applet Access
|
|
55023
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.
|
2009-06-08
|
Apple Safari WebKit Web Inspector HTML Attribute Handling XSS
|
|
54996
Description:
Apple Safari Web Inspector contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate scripts in a page being inspected by Web Inspector. This could allow a user to create a specially crafted page that would execute arbitrary code with elevated privileges.
|
2009-06-08
|
Apple Safari Web Inspector Page Inspection XSS
|
|
54995
Description:
(Description Provided by CVE) : CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
|
2009-06-08
|
Apple Safari CFNetwork Temporary File Local Information Disclosure
|
|
54973
Description:
(Description Provided by CVE) : The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
|
2009-06-08
|
Apple Safari WebKit XSLT Redirect Handling Information Disclosure
|
|
54974
Description:
(Description Provided by CVE) : CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
|
2009-06-08
|
Apple Safari on Windows CoreGraphics TrueType Font Handling Memory Corruption
|
|
54975
Description:
(Description Provided by CVE) : The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
|
2009-06-08
|
Apple Safari WebKit XSLT document() Function Information Disclosure
|
|
56195
Description:
Unknown / Incomplete
|
2009-06-08
|
LXLabs Kloxo / HyperVM UID/GID Re-use Weakness Privilege Escalation
|
|
56196
Description:
Unknown / Incomplete
|
2009-06-08
|
LXLabs Kloxo / HyperVM Multiple Default Passwords
|
|
56197
Description:
Unknown / Incomplete
|
2009-06-08
|
LXLabs Kloxo / HyperVM New Account Creation Process List Hashed Password Disclosure
|
|
56198
Description:
Unknown / Incomplete
|
2009-06-08
|
LXLabs Kloxo / HyperVM display.php Multiple Parameter XSS
|
|
56199
Description:
Unknown / Incomplete
|
2009-06-08
|
LXLabs Kloxo / HyperVM Login Page Input Traversal Symlink Arbitrary File Append
|
|
56200
Description:
Unknown / Incomplete
|
2009-06-08
|
LXLabs Kloxo / HyperVM Domain Creation Symlink Arbitrary File/Directory Ownership Manipulation
|
|
56201
Description:
Unknown / Incomplete
|
2009-06-08
|
LXLabs Kloxo / HyperVM FTP User Creation Symlink Arbitrary File Ownership Manipulation
|
