CVE-2005-1933

Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier CFBundleIdentifier, a different vulnerability than CVE-2005-1474...

CVE-2005-1474

Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933...

CVE-2005-1474

In CVE-2005-1474, Apple Mac OS X 10.4.1’s Dashboard allows remote widget installation through Safari without user prompts, enabling execution or installation of user widgets that can override system widgets. The vulnerability stems from Safari automatically handling widget installation and widget...

CVE-2005-1933

Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier CFBundleIdentifier, a different vulnerability than CVE-2005-1474...

CVE-2005-1727

Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the 1 system cache folder and 2 Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."...

Apple Mac OSX executes arbitrary widget with same "bundle identifier" as system widget

Overview Apple Mac OS X Tiger Dashboard executes arbitrary widgets with the same "bundle identifier" as a system widget. This can allow a user-installed widget to override a system-installed one. Description DashboardDashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is...

Apple Safari automatically installs Dashboard widgets

Overview Apple Safari on Mac OS X Tiger automatically installs Dashboard widgets without user intervention or notice. Description DashboardDashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is a collection of applications called "widgets." The system-installed widgets a...