202 matches found
Mac OS X 10.4.8 DiskManagement BOM (cron) Privilege Escalation Exploit
Exploit for macOS platform in category local exploits ====================================================================== Mac OS X 10.4.8 DiskManagement BOM cron Privilege Escalation Exploit ====================================================================== !/usr/bin/ruby c 2006 LMH code...
CVE-2006-3497
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted Zip archive...
CVE-2006-3497
CVE-2006-3497 : A memory corruption vulnerability in Mac OS X’s Bom caused by the compression state handling of ZIP archives. A crafted ZIP file could crash the application or allow arbitrary code execution with the user’s privileges. Affected systems include Mac OS X 10.3.9 and 10.4.7. Remediati...
CVE-2006-3497
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted Zip archive...
security flaw
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark BOM from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting XSS attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT...
CVE-2006-2783
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark BOM from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting XSS attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT...
Cross site scripting
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark BOM from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting XSS attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT...
CVE-2006-2783
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark BOM from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting XSS attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT...
CVE-2006-2783
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark BOM from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting XSS attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT...
CVE-2006-2783
Technical details for CVE-2006-2783 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2006-2783
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark BOM from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting XSS attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT...
Web site XSS using BOM on UTF-8 pages — Mozilla
Masatoshi Kimura reports that the Unicode Byte-order-Mark BOM is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page. As a result the parser will see and process script tags that web input sanitizers may miss because they appear as "scrBOMipt" or similar...
CVE-2006-1440
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links...
Code injection
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links...
CVE-2006-1440
The CVE-2006-1440 entry affects Apple Mac OS X, specifically versions 10.3.9 and 10.4.6. The vulnerability arises from a BOM-related issue where an archive containing symbolic links can lead attackers to overwrite arbitrary files. The connected documents corroborate the same description, reinforc...
CVE-2006-1440
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links...
[SA20077] Mac OS X Security Update Fixes Multiple Vulnerabilities
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20077 VERIFY ADVISORY: http://secunia.com/advisories/20077/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of sensitive information, DoS, System access WHERE: From remote OPERATING SYSTEM: Apple...
CVE-2006-1985
CVE-2006-1985: Heap-based buffer overflow in BOM BOMArchiveHelper (Mac OS X 10.4.6 and earlier) allows user-assisted arbitrary-code execution via crafted archives with long path names, triggering BOMStackPop. Documented impact and vulnerable component are described; no remediation details are pro...
Directory traversal
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper...
CVE-2006-0391
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper...