Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Source: Apple Inc.
Max CVSS: 3.5
EPSS Score: 0.12%
Published: 2010-11-16
Updated: 2010-12-10
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
Source: Apple Inc.
Max CVSS: 3.5
EPSS Score: 0.26%
Published: 2010-06-17
Updated: 2010-06-18
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.
Source: Apple Inc.
Max CVSS: 3.5
EPSS Score: 0.21%
Published: 2010-06-17
Updated: 2010-06-18
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
Source: Apple Inc.
Max CVSS: 3.3
EPSS Score: 0.04%
Published: 2010-06-17
Updated: 2010-06-17
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."
Source: MITRE
Max CVSS: 3.7
EPSS Score: 0.04%
Published: 2005-06-08
Updated: 2008-09-05
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
Source: MITRE
Max CVSS: 3.6
EPSS Score: 0.04%
Published: 2005-05-03
Updated: 2008-09-10
6 vulnerabilities found