Lucene search
+L

98 matches found

nessus
nessus
added 2014/02/25 12:0 a.m.81 views

Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)

The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date...

10CVSS8.1AI score0.73327EPSS
Exploits18References32
nvd
nvd
added 2013/10/24 3:48 a.m.20 views

CVE-2013-5178

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence...

5CVSS5.7AI score0.01042EPSS
Exploits0References2
nvd
nvd
added 2013/10/24 3:48 a.m.30 views

CVE-2013-5179

App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments...

7.5CVSS5.8AI score0.01329EPSS
Exploits0References2
prion
prion
added 2013/10/24 3:48 a.m.18 views

Design/Logic Flaw

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence...

5CVSS6.2AI score0.01042EPSS
Exploits0References2Affected Software1
prion
prion
added 2013/10/24 3:48 a.m.31 views

Design/Logic Flaw

App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments...

7.5CVSS6.2AI score0.01329EPSS
Exploits0References2Affected Software1
cve
cve
added 2013/10/24 1:0 a.m.65 views

CVE-2013-5179

The CVE-2013-5179 entry concerns Apple Mac OS X sandbox bypass vulnerabilities described in the NVD entry: App Sandbox in OS X before 10.9 can be bypassed when a crafted app uses LaunchServices to specify process arguments, enabling sandbox evasion. Connected sources confirm the issue is tied to ...

7.5CVSS5.9AI score0.01329EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2013/10/24 1:0 a.m.25 views

CVE-2013-5178

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence...

5.7AI score0.01042EPSS
Exploits0References2
cve
cve
added 2013/10/24 1:0 a.m.50 views

CVE-2013-5178

CVE-2013-5178 : In Apple Mac OS X prior to 10.9, LaunchServices does not properly restrict Unicode characters in filenames, allowing context-dependent attackers to spoof file extensions via crafted character sequences. The underlying issue is the handling/filtering of Unicode characters in displa...

5CVSS5.8AI score0.01042EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2013/10/24 1:0 a.m.33 views

CVE-2013-5179

App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments...

5.7AI score0.01329EPSS
Exploits0References2
nessus
nessus
added 2013/10/23 12:0 a.m.62 views

Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)

The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld -...

9.3CVSS6.4AI score0.73327EPSS
Exploits23References52
seebug
seebug
added 2011/10/15 12:0 a.m.32 views

Apple Safari Arbitrary Code Execution

No description provided by source. CVE: CVE-2011-3230 Found By: Aaron Sigel of vtty.com There's not a ton to say about this bug aside from "Yikes"! I think the PoC speaks for itself. This allows you to send any "file:" url to LaunchServices, which will run binaries, launch applications, or open...

6.8CVSS0.2AI score0.50213EPSS
Exploits8
packetstorm
packetstorm
added 2011/10/15 12:0 a.m.43 views

Apple Safari Arbitrary Code Execution

CVE: CVE-2011-3230 Found By: Aaron Sigel of vtty.com There's not a ton to say about this bug aside from "Yikes"! I think the PoC speaks for itself. This allows you to send any "file:" url to LaunchServices, which will run binaries, launch applications, or open content in the default application,...

6.8CVSS0.1AI score0.50213EPSS
Exploits8
cvelist
cvelist
added 2006/08/03 1:0 a.m.22 views

CVE-2006-3504

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari...

6.3AI score0.01491EPSS
Exploits1References7
cve
cve
added 2006/08/03 1:0 a.m.55 views

CVE-2006-3504

CVE-2006-3504 affects Apple Mac OS X 10.4.7 where LaunchServices’ Download Validation can misclassify HTML as “safe.” If Safari’s “Open ‘safe’ files after downloading” is enabled, a downloaded HTML file could auto-open in a local context and allow embedded JavaScript to bypass local access restri...

5.1CVSS6.3AI score0.01491EPSS
Exploits1References7Affected Software2
nvd
nvd
added 2006/05/12 9:2 p.m.14 views

CVE-2006-1447

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...

5CVSS6AI score0.03071EPSS
Exploits0References8
prion
prion
added 2006/05/12 9:2 p.m.16 views

Open redirect

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...

5CVSS6.3AI score0.03071EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2006/05/12 9:0 p.m.16 views

CVE-2006-1447

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...

6AI score0.03071EPSS
Exploits0References8
cve
cve
added 2006/05/12 9:0 p.m.51 views

CVE-2006-1447

CVE-2006-1447 affects Apple Mac OS X 10.4.6 LaunchServices. The issue lets remote attackers cause Safari to launch unsafe content by exploiting long file name extensions, which prevents Download Validation from determining which application will be used. The provided documents do not include a co...

5CVSS6AI score0.03071EPSS
Exploits0References8Affected Software1
securityvulns
securityvulns
added 2006/05/12 12:0 a.m.68 views

[SA20077] Mac OS X Security Update Fixes Multiple Vulnerabilities

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20077 VERIFY ADVISORY: http://secunia.com/advisories/20077/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of sensitive information, DoS, System access WHERE: From remote OPERATING SYSTEM: Apple...

0.1AI score
Exploits0
nvd
nvd
added 2006/03/14 11:2 a.m.24 views

CVE-2006-0397

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how...

7.5CVSS5.6AI score0.01537EPSS
Exploits0References7
Rows per page
Query Builder