Alexios Fakos

Pesquisador den.runs AG
#13162de 53,638
20CVSS total
Vulnerabilidades · 4
Média
3
Alta
1
PT-2016-1605
4.3
2016-03-24
Apple · Safari · CVE-2009-2197
**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 9.1 **Description** The issue is related to incorrect data handling. It may allow a remote attacker to substitute the user interface by using a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. **Recommendations** For Apple Safari versions prior to 9.1, update to version 9.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted web pages that may exploit this issue until a patch is applied.
PT-2009-4649
7.1
2009-08-12
Apple · Safari · CVE-2009-2200
**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 4.0.3 **Description** The issue allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document, due to improper restriction of the URL scheme of the pluginspage attribute of an EMBED element. **Recommendations** For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue.
PT-2008-5172
4.3
2008-09-12
Horde · Horde · CVE-2008-3823
**Name of the Vulnerable Software and Affected Versions** Horde versions 3.2.x through 3.2.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message. This occurs due to a vulnerability in the MIME library, specifically in the MIME/Contents.php file. **Recommendations** For Horde versions 3.2.x through 3.2.1, update to version 3.2.2 or later to resolve the issue.
PT-2008-5173
4.3
2008-09-12
Popoon · Popoon · CVE-2008-3824
**Name of the Vulnerable Software and Affected Versions** Horde versions 3.1.x through 3.1.8 Horde versions 3.2.x through 3.2.1 Popoon version r22196 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message. This occurs due to insufficient input validation in the Text Filter/Filter/xss.php file in Horde and the externalinput.php file in Popoon. **Recommendations** For Horde versions 3.1.x through 3.1.8, update to version 3.1.9 or later. For Horde versions 3.2.x through 3.2.1, update to version 3.2.2 or later. For Popoon version r22196 and earlier, update to a version later than r22196.