|
273421
|
- |
|
apple
|
mac_os_x
iphone_os
|
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote at…
|
CWE-200
Information Exposure
|
CVE-2015-1091
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273422
|
- |
|
apple
|
iphone_os
|
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive i…
|
CWE-200
Information Exposure
|
CVE-2015-1090
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273423
|
- |
|
apple
|
mac_os_x
iphone_os
|
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Ori…
|
CWE-200
Information Exposure
|
CVE-2015-1089
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273424
|
- |
|
apple
|
iphone_os
mac_os_x
|
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
|
CWE-20
Improper Input Validation
|
CVE-2015-1088
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273425
|
- |
|
apple
|
iphone_os
|
Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
|
CWE-22
Path Traversal
|
CVE-2015-1087
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273426
|
- |
|
apple
|
tvos
iphone_os
|
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context …
|
CWE-20
Improper Input Validation
|
CVE-2015-1086
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273427
|
- |
|
apple
|
iphone_os
|
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1085
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273428
|
- |
|
qualiteam
|
x-cart
|
X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0951
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273429
|
- |
|
qualiteam
|
x-cart
|
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0950
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273430
|
- |
|
antlabs
|
inngate_ig_3.10_g
inngate_ig_3.10_e
inngate_ig_3.00_e
inngate_ig_3.01_e
inngate_ig_3100
inngate_ig_3101
inngate_ig_3.02_e
|
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0932
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
