Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-0976 AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest JavaScript component, as demonstrated using automatically mounted disk images and file:// URLs.
network
low complexity
apple hmdt omnigroup
5.0
2005-05-02 CVE-2005-0712 Unspecified vulnerability in Apple Mac OS X 10.1/10.2/10.3.4
Mac OS X before 10.3.8 uses world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles.
local
low complexity
apple
4.6
2005-05-02 CVE-2005-0341 Cross-Site Scripting vulnerability in Apple Safari 1.2.4
Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.
network
apple
4.3
2005-05-02 CVE-2005-0340 Remote Integer Overflow vulnerability in Apple Mac OS X AppleFileServer
Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet.
network
low complexity
apple
5.0
2005-05-02 CVE-2005-0289 Remote Denial of Service vulnerability in Apple AirPort Wireless Distribution System
Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.
network
low complexity
apple
5.0
2005-05-02 CVE-2005-0234 Unspecified vulnerability in Apple Safari 1.2.5
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
network
low complexity
apple
5.0
2005-05-02 CVE-2005-0127 Unspecified vulnerability in Apple Mac OS X and Mac OS X Server
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.
network
low complexity
apple
5.0
2005-04-14 CVE-2005-1043 exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
network
low complexity
php sgi conectiva apple peachtree suse
5.0
2005-03-21 CVE-2005-0713 Unspecified vulnerability in Apple Mac OS X and Mac OS X Server
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.
local
low complexity
apple
4.6
2005-03-01 CVE-2004-0988 Unspecified vulnerability in Apple Quicktime
Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.
network
low complexity
apple
5.0