Vulnerabilites related to omnigroup - omniweb
CVE-2005-0976 (GCVE-0-2005-0976)
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:58.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2005-04-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://remahl.se/david/vuln/001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-05-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2005-04-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://remahl.se/david/vuln/001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-04-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html"
},
{
"name": "http://remahl.se/david/vuln/001/",
"refsource": "MISC",
"url": "http://remahl.se/david/vuln/001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0976",
"datePublished": "2005-04-18T04:00:00",
"dateReserved": "2005-04-05T00:00:00",
"dateUpdated": "2024-08-07T21:35:58.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0236 (GCVE-0-2005-0236)
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shmoo.com/idn/homograph.txt",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"name": "http://www.shmoo.com/idn",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0236",
"datePublished": "2005-02-07T05:00:00",
"dateReserved": "2005-02-07T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0233 (GCVE-0-2005-0233)
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn"
},
{
"name": "SUSE-SA:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"name": "oval:org.mitre.oval:def:11229",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"name": "oval:org.mitre.oval:def:100029",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"name": "RHSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "RHSA-2005:384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn"
},
{
"name": "SUSE-SA:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"name": "oval:org.mitre.oval:def:11229",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"name": "oval:org.mitre.oval:def:100029",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"name": "RHSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "RHSA-2005:384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0233",
"datePublished": "2005-02-07T05:00:00",
"dateReserved": "2005-02-07T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0342 (GCVE-0-2007-0342)
Vulnerability from cvelistv5
Published
2007-01-18 02:00
Modified
2025-04-03 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:18.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22059",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22059"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security-protocols.com/sp-x41-advisory.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-0342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:55:47.108333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:57:31.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-18T02:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22059",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22059"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security-protocols.com/sp-x41-advisory.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22059",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22059"
},
{
"name": "http://security-protocols.com/sp-x41-advisory.php",
"refsource": "MISC",
"url": "http://security-protocols.com/sp-x41-advisory.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0342",
"datePublished": "2007-01-18T02:00:00.000Z",
"dateReserved": "2007-01-17T00:00:00.000Z",
"dateUpdated": "2025-04-03T14:57:31.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0238 (GCVE-0-2005-0238)
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shmoo.com/idn/homograph.txt",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"name": "http://www.shmoo.com/idn",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn"
},
{
"name": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"name": "12461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0238",
"datePublished": "2005-02-07T05:00:00",
"dateReserved": "2005-02-07T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1102 (GCVE-0-2010-1102)
Vulnerability from cvelistv5
Published
2010-03-24 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:05.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "omniweb-tcp-security-bypass(57236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57236"
},
{
"name": "20100323 Safari browser port blocking bypassed by integer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510283/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "omniweb-tcp-security-bypass(57236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57236"
},
{
"name": "20100323 Safari browser port blocking bypassed by integer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510283/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "omniweb-tcp-security-bypass(57236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57236"
},
{
"name": "20100323 Safari browser port blocking bypassed by integer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510283/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1102",
"datePublished": "2010-03-24T18:00:00",
"dateReserved": "2010-03-24T00:00:00",
"dateUpdated": "2024-08-07T01:14:05.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0148 (GCVE-0-2007-0148)
Vulnerability from cvelistv5
Published
2007-01-09 18:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.omnigroup.com/applications/omniweb/releasenotes/"
},
{
"name": "21911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21911"
},
{
"name": "3098",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3098"
},
{
"name": "23624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/"
},
{
"name": "ADV-2007-0075",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0075"
},
{
"name": "omniweb-alert-format-string(31324)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31324"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://projects.info-pull.com/moab/MOAB-07-01-2007.html"
},
{
"name": "20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456578/100/0/threaded"
},
{
"name": "31222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31222"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.omnigroup.com/applications/omniweb/releasenotes/"
},
{
"name": "21911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21911"
},
{
"name": "3098",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3098"
},
{
"name": "23624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/"
},
{
"name": "ADV-2007-0075",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0075"
},
{
"name": "omniweb-alert-format-string(31324)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31324"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://projects.info-pull.com/moab/MOAB-07-01-2007.html"
},
{
"name": "20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456578/100/0/threaded"
},
{
"name": "31222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31222"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.omnigroup.com/applications/omniweb/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.omnigroup.com/applications/omniweb/releasenotes/"
},
{
"name": "21911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21911"
},
{
"name": "3098",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3098"
},
{
"name": "23624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23624"
},
{
"name": "http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/",
"refsource": "CONFIRM",
"url": "http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/"
},
{
"name": "ADV-2007-0075",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0075"
},
{
"name": "omniweb-alert-format-string(31324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31324"
},
{
"name": "http://projects.info-pull.com/moab/MOAB-07-01-2007.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/moab/MOAB-07-01-2007.html"
},
{
"name": "20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456578/100/0/threaded"
},
{
"name": "31222",
"refsource": "OSVDB",
"url": "http://osvdb.org/31222"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0148",
"datePublished": "2007-01-09T18:00:00",
"dateReserved": "2007-01-09T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html | Exploit, Vendor Advisory | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=110782704923280&w=2 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/12461 | ||
| secalert@redhat.com | http://www.shmoo.com/idn | Exploit | |
| secalert@redhat.com | http://www.shmoo.com/idn/homograph.txt | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110782704923280&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12461 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shmoo.com/idn | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shmoo.com/idn/homograph.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD3E937-C813-4564-9E3C-D009D39E8A8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"id": "CVE-2005-0236",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "secalert@redhat.com",
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-08 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html | Broken Link, Exploit, Vendor Advisory | |
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=110782704923280&w=2 | Mailing List | |
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Exploit, Patch, Third Party Advisory, Vendor Advisory | |
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Exploit, Patch, Third Party Advisory, Vendor Advisory | |
| secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-29.html | Exploit, Patch, Third Party Advisory, Vendor Advisory | |
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html | Broken Link, Exploit, Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-176.html | Broken Link | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html | Broken Link | |
| secalert@redhat.com | http://www.securityfocus.com/bid/12461 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.shmoo.com/idn | Broken Link, Exploit, Vendor Advisory | |
| secalert@redhat.com | http://www.shmoo.com/idn/homograph.txt | Broken Link, Exploit, Vendor Advisory | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029 | Tool Signature | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229 | Tool Signature | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html | Broken Link, Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110782704923280&w=2 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Exploit, Patch, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Exploit, Patch, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-29.html | Exploit, Patch, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html | Broken Link, Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-176.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12461 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shmoo.com/idn | Broken Link, Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shmoo.com/idn/homograph.txt | Broken Link, Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029 | Tool Signature | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229 | Tool Signature |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | camino | 0.8.5 | |
| mozilla | firefox | 1.0 | |
| mozilla | mozilla | * | |
| omnigroup | omniweb | 5 | |
| opera | opera_browser | * | |
| opera_software | opera_web_browser | 7.54 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D044E602-45A5-4B14-8B16-B0978D985027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F232DA-F897-4429-922E-F5CFF865A8AA",
"versionEndExcluding": "1.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD3E937-C813-4564-9E3C-D009D39E8A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE75E76-E20D-47A4-9603-0AF46F733AEF",
"versionEndIncluding": "7.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "142EB1E3-2918-4792-83D7-9D7B6A3BD26B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"id": "CVE-2005-0233",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-08T05:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"source": "secalert@redhat.com",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html | ||
| cve@mitre.org | http://remahl.se/david/vuln/001/ | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://remahl.se/david/vuln/001/ | Exploit |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hmdt:shiira:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF8DEAB-3C52-4197-BC87-213EF7D45E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBAD3B-6388-4356-BEEE-32D8F69D5446",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs."
}
],
"id": "CVE-2005-0976",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://remahl.se/david/vuln/001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://remahl.se/david/vuln/001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-18 02:28
Modified
2025-04-09 00:30
Severity ?
Summary
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security-protocols.com/sp-x41-advisory.php | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/22059 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security-protocols.com/sp-x41-advisory.php | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22059 | Exploit |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4_419.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D113B5-070D-4F91-AB5E-222D71C90EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:webkit:build_18794:*:*:*:*:*:*:*",
"matchCriteriaId": "0026565B-0264-495B-851F-5E71439DA8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC068FD4-9B1B-42E3-9544-1E020602F96F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019."
},
{
"lang": "es",
"value": "WebCore en Apple WebKit construcci\u00f3n 18974 permite a un atacante remoto provocar denegaci\u00f3n de servicio de un servicio (referencia null y caida de aplicaci\u00f3n) a trav\u00e9s del elemento TD con un gran n\u00famero en el atributo ROWSPAN, como se demostr\u00f3 con un caida de OmniWeb 5.5.3 sobre Mac OS X 10.4.8, una vulnerabilidad diferente que la CVE-2006-2019."
}
],
"id": "CVE-2007-0342",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2007-01-18T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://security-protocols.com/sp-x41-advisory.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://security-protocols.com/sp-x41-advisory.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22059"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-24 22:45
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/archive/1/510283/100/0/threaded | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/57236 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/510283/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/57236 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FA335F-AFD8-48A3-9CE5-E6DD51A79D17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in OmniWeb allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25."
},
{
"lang": "es",
"value": "Desbordamiento de entero en OmniWeb permite a atacantes remotos evitar las restricciones establecidas en los puertos de las conexiones salientes TCP a trav\u00e9s de un n\u00famero de puerto fuera del rango del tipo de dato de valor corto sin signo, como se ha demostrado con el valor 65561 para el puerto TCP 25."
}
],
"id": "CVE-2010-1102",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-24T22:45:16.107",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/510283/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/510283/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57236"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-09 18:28
Modified
2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/ | ||
| cve@mitre.org | http://osvdb.org/31222 | ||
| cve@mitre.org | http://projects.info-pull.com/moab/MOAB-07-01-2007.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/23624 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt | ||
| cve@mitre.org | http://www.omnigroup.com/applications/omniweb/releasenotes/ | Patch | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/456578/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/21911 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/0075 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/31324 | ||
| cve@mitre.org | https://www.exploit-db.com/exploits/3098 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/31222 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://projects.info-pull.com/moab/MOAB-07-01-2007.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23624 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.omnigroup.com/applications/omniweb/releasenotes/ | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/456578/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21911 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0075 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/31324 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/3098 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "723170E8-2945-4D6E-AF82-485EF9EC00A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en OmniGroup OmniWeb 5.5.1 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida de aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de formatos espec\u00edficos de cadena en la funci\u00f3n de alerta de Javascript."
}
],
"id": "CVE-2007-0148",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-01-09T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/31222"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://projects.info-pull.com/moab/MOAB-07-01-2007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23624"
},
{
"source": "cve@mitre.org",
"url": "http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.omnigroup.com/applications/omniweb/releasenotes/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/456578/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21911"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0075"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31324"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://projects.info-pull.com/moab/MOAB-07-01-2007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.omnigroup.com/applications/omniweb/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/456578/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html | Exploit, Vendor Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/12461 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.shmoo.com/idn | Broken Link, Exploit, Vendor Advisory | |
| secalert@redhat.com | http://www.shmoo.com/idn/homograph.txt | Broken Link, Exploit, Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399 | Broken Link, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12461 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shmoo.com/idn | Broken Link, Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shmoo.com/idn/homograph.txt | Broken Link, Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399 | Broken Link, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*",
"matchCriteriaId": "078698FD-775C-4B73-998D-F6B4F601185C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D044E602-45A5-4B14-8B16-B0978D985027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31063052-D74D-41D0-B63D-4A7BADAC9C60",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD3E937-C813-4564-9E3C-D009D39E8A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE75E76-E20D-47A4-9603-0AF46F733AEF",
"versionEndIncluding": "7.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"id": "CVE-2005-0238",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}