|
295071
|
- |
|
apple
|
iphone_os
|
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a cr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5156
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295072
|
- |
|
apple
|
iphone_os
|
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
|
CWE-20
Improper Input Validation
|
CVE-2013-5155
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295073
|
- |
|
apple
|
iphone_os
|
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5154
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295074
|
- |
|
apple
|
iphone_os
|
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5153
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295075
|
- |
|
apple
|
iphone_os
|
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
|
CWE-20
Improper Input Validation
|
CVE-2013-5152
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295076
|
- |
|
apple
|
iphone_os
|
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attac…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5151
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295077
|
- |
|
apple
|
iphone_os
|
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by lev…
|
CWE-200
Information Exposure
|
CVE-2013-5150
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295078
|
- |
|
apple
|
iphone_os
|
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that emp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5149
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295079
|
- |
|
apple
|
iphone_os
|
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition invo…
|
CWE-362
Race Condition
|
CVE-2013-5147
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295080
|
- |
|
apple
|
iphone_os
|
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5145
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
