Changes for page Application_Webkit

Last modified by Nicolas Gregoire on 2012/01/14 17:48
From version Icon 10.1 Icon
edited by Nicolas Gregoire
on 2012/01/14 00:31
Change comment: There is no comment for this version
To version Icon 9.1 Icon
edited by Nicolas Gregoire
on 2012/01/14 00:30
Change comment: Upload new image ipad-tmp-owned.png

Summary

Details

Icon Page properties
Content
... ... @@ -26,12 +26,8 @@
26 26  Webkit uses [[libxslt>>Engine_libxslt]] as its XSLT engine. Old versions were not restricting __write__ access by the engine to the file system, leading to a remotely exploitable vulnerability ([[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank"]]). This was patched in [[Changeset 79159>>http://trac.webkit.org/changeset/79159||rel="__blank"]] by adding appropriate calls to xsltSetSecurityPrefs().
27 27  
28 28  
29 -PoC included on the [[libxslt>>Engine_libxslt]] page demonstrate the vulnerability :
29 +PoC included on the [[libxslt>>Engine_libxslt]] page demonstrate the vulnerability.
30 30  
31 -[[image:macos-tmp-owned.png||style="display: block; margin-left: auto; margin-right: auto"]]
32 -
33 -[[image:ipad-tmp-owned.png||style="display: block; margin-left: auto; margin-right: auto"]]
34 -
35 35  == Meatsploit ==
36 36  
37 37  Two modules are included in Metasploit :
Icon macos-tmp-owned.png
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -12.4 KB
Content Icon