194 matches found
Palm WebOS 1.01.1 - Email Arbitrary Script Injection
Palm WebOS 1.01.1 - Email Arbitrary Script Injection source: https://www.securityfocus.com/bid/36592/info Palm WebOS is prone to an arbitrary-script-injection vulnerability because the integrated email application fails to properly sanitize user-supplied input. An attacker can exploit this issue ...
Palm Pre WebOS 1.1 - Remote File Access
Palm Pre WebOS 1.1 - Remote File Access I. Description The Palm Pre WebOS =1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device. Palm has patched this vulnerability and all users are recommended to upgrade to WebOS version 1.2+...
Palm Pre WebOS <=1.1 Remote File Access Vulnerability
Exploit for unknown platform in category remote exploits ===================================================== Palm Pre WebOS =1.1 Remote File Access Vulnerability ===================================================== Title: Palm Pre WebOS =1.1 Remote File Access Vulnerability CVE-ID: OSVDB-ID:...
Palm WebOS 1.0/1.1 - Email Arbitrary Script Injection
source: https://www.securityfocus.com/bid/36592/info Palm WebOS is prone to an arbitrary-script-injection vulnerability because the integrated email application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code. Successful exploits...
Palm Pre WebOS 1.1 - Remote File Access
I. Description The Palm Pre WebOS =1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device. Palm has patched this vulnerability and all users are recommended to upgrade to WebOS version 1.2+. Palm WebOS 1.2 patch information can be...
Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability
I. Description The Palm Pre WebOS version 1.0.4 and below allows a remote attacker to execute arbitrary HTML code on the phone via certain applications. The affected applications involve the native email client via the notifications system as well as the native calendar application. The vendor ha...
Palm Pre WebOS 1.0.4 HTML Injection
I. Description The Palm Pre WebOS version 1.0.4 and below allows a remote attacker to execute arbitrary HTML code on the phone via certain applications. The affected applications involve the native email client via the notifications system as well as the native calendar application. The vendor ha...
Palm WebOS URL处理未明拒绝服务漏洞
Bugraq ID: 35786 CNCAN ID:CNCAN-2009072505 Palm webOS是一款基于移动设备的WEB OS操作系统。 Palm webOS包含的"LunaSysMgr"服务处理URLs时存在未明错误,远程攻击者可以利用漏洞通过构建URL诱使用户访问触发内存破坏,可能以系统进程权限执行任意指令。 目前没有详细漏洞细节提供。 Palm webOS 1.0.4 厂商解决方案 目前没有解决方案提供: http://palmwebos.org/...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Spymac WebOS WOS 5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 delfolder, 2 nick, or 3 action parameters to a notes/index.php, 4 curr parameter to b ipod/getipod.php, and in c login.php...
CVE-2006-2488
Multiple cross-site scripting XSS vulnerabilities in Spymac WebOS WOS 5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 delfolder, 2 nick, or 3 action parameters to a notes/index.php, 4 curr parameter to b ipod/getipod.php, and in c login.php...
CVE-2006-2488
Spymac WebOS (WOS) 5.0 is affected by CVE-2006-2488, which contains multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via the following parameters: del_folder, nick, or action in notes/index.php; curr in ipod/get_ipod.php...
CVE-2006-2488
Multiple cross-site scripting XSS vulnerabilities in Spymac WebOS WOS 5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 delfolder, 2 nick, or 3 action parameters to a notes/index.php, 4 curr parameter to b ipod/getipod.php, and in c login.php...
CVE-2002-0209
CVE-2002-0209 affects Nortel Alteon ACEdirector WebOS 9.0 with SLB and Cookie-Based Persistence enabled. A remote attacker can determine the real IP address of a web server when a half-closed session is present, causing ACEdirector to send packets from the server without mapping to the virtual IP...
Alteon AceDirector - Half-Closed HTTP Request IP Address Revealing
source: https://www.securityfocus.com/bid/3964/info Alteon ACEdirector is a hardware solution distributed by Nortel Networks. ACEdirector runs the Nortel WebOS operating system. It is possible to retrieve the real IP addresses of webservers that are managed by an ACEdirector. When a client is...