|
301411
|
- |
|
apple
|
safari
|
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorizatio…
|
CWE-200
Information Exposure
|
CVE-2012-0647
|
2024-11-21 10:35 |
2012-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301412
|
- |
|
apple
|
safari
|
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.
|
CWE-200
Information Exposure
|
CVE-2012-0640
|
2024-11-21 10:35 |
2012-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301413
|
- |
|
apple
|
safari
|
The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via uns…
|
CWE-20
Improper Input Validation
|
CVE-2012-0584
|
2024-11-21 10:35 |
2012-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301414
|
- |
|
apple
|
itunes
webkit
|
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-0648
|
2024-11-21 10:35 |
2012-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301415
|
- |
|
apple
|
iphone_os
|
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2012-0646
|
2024-11-21 10:35 |
2012-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301416
|
- |
|
apple
|
iphone_os
|
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that for…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0645
|
2024-11-21 10:35 |
2012-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301417
|
- |
|
apple
|
iphone_os
|
Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
|
CWE-362
Race Condition
|
CVE-2012-0644
|
2024-11-21 10:35 |
2012-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301418
|
- |
|
apple
|
iphone_os
|
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0643
|
2024-11-21 10:35 |
2012-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301419
|
- |
|
apple
|
iphone_os
|
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.
|
CWE-189
Numeric Errors
|
CVE-2012-0642
|
2024-11-21 10:35 |
2012-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301420
|
- |
|
apple
|
iphone_os
|
CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vu…
|
CWE-20
Improper Input Validation
|
CVE-2012-0641
|
2024-11-21 10:35 |
2012-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
