158 matches found
Path traversal
XML External Entity XXE vulnerability in the CalDAV interface in Open-Xchange OX AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute pat...
CVE-2013-7140
Open-Xchange AppSuite 7.4.1 and earlier is affected by an XML External Entity (XXE) vulnerability in the CalDAV interface (SAX builder and WebDAV). The issue can allow remote authenticated users to read portions of arbitrary files on the server. The root cause is characterized as XXE (and may inc...
CVE-2013-7140
XML External Entity XXE vulnerability in the CalDAV interface in Open-Xchange OX AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute pat...
Open-Xchange Security Advisory 2014-01-17
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30357 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.1 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev29, 7.4.0-rev24,...
APPLE-SA-2011-10-12-1 iOS 5 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-1 iOS 5 Software Update iOS 5 Software Update is now available and addresses the following: CalDAV Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch 3rd generation and later, iOS...
CVE-2011-3253
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate...
Design/Logic Flaw
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate...
CVE-2011-3253
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, allowing MITM attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. Affected: iOS
CVE-2011-3253
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate...
Design/Logic Flaw
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE:...
CVE-2008-2006
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary code via a .ics file containing 1 a large 16-bit integer on a TRIGGER line, or 2 a large integer...
Null pointer dereference
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary code via a .ics file containing 1 a large 16-bit integer on a TRIGGER line, or 2 a large integer...
CVE-2008-2006
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary code via a .ics file containing 1 a large 16-bit integer on a TRIGGER line, or 2 a large integer...
CVE-2008-2006
Summary of the CVE-2008-2006 family (Apple iCal) : The iCal client on Mac OS X 10.5.x (notably 3.0.1; affected up to 10.5.2; PoCs mention 3.0.1/3.0.2) contains multiple input-validation bugs in ICS parsing. Root causes include (1) integer overflow/null-pointer dereference on a COUNT value in an R...
Design/Logic Flaw
Unspecified vulnerability in Really Simple CalDAV Store RSCDS before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors...
CVE-2007-5953
Unspecified vulnerability in Really Simple CalDAV Store RSCDS before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors...
CVE-2007-5953
Unspecified vulnerability in Really Simple CalDAV Store RSCDS before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors...
CVE-2007-5953
Technical details about CVE-2007-5953 are not provided in the included documents. Monitor for updates; the RSCDS project before 0.9.0 is described as allowing information disclosure via unspecified vectors.