Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x_server
(Apple)| Repositories | https://github.com/apache/httpd |
| #Vulnerabilities | 664 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-06-17 | CVE-2010-0541 | Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-06-17 | CVE-2010-0540 | Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-03-30 | CVE-2010-0537 | DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-03-30 | CVE-2010-0535 | Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-03-30 | CVE-2010-0534 | Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-03-30 | CVE-2010-0533 | Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-03-30 | CVE-2010-0526 | Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-03-30 | CVE-2010-0525 | Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-03-30 | CVE-2010-0524 | The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2010-03-30 | CVE-2010-0523 | Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet. | Mac_os_x_server | N/A |