Browse by Tags
Tag: advisory
-
Summary
The Apple iPhone version 1.0.0 web browser has a special feature that allows the user to dial any phone number displayed on the currently viewed web page simply by tapping the number. This feature can be exploited by attackers in several serious ways, including:
• Redirecting phone calls placed by the user to different phone ...
-
Severity: Critical
System Affected: For a complete list of products and components affected, please visit http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
Description: A vulnerability has been discovered in Oracle Application Server 10g (10.1.2) on Windows 2000 Server and others (see list above). If exploited, this can result in ...
-
Severity: Medium
System Affected:
• 5.2: Windows, Linux, Solaris, HP-UX PA RISC
• 5.1: Windows, Solaris, IBM AIX
• 5.0: Windows, Linux, Solaris, IBM AIX, HP-UX PA RISC, HP-UX Itanium
• 4.2.5: Windows, Solaris
A complete list of products using a vulnerable version of EAServer is available from the Sybase alert page: http://www.sybase.com/detail?id=1036742
Description: A ...
-
Severity: High
System Affected:
• IIS Servers exposing ASP.NET Web services that consume arrays in RPC/Encoded mode
• Applications using System.Xml.Serialization to consume untrusted data in RPC/Encoded mode
Description: We have found that by sending a custom SOAP message to an RPC/Encoded web method which accepts an array (or any object derived from ...
-
System Affected: Sun-ONE Application Server 7.0 for Windows 2000/XP
Description: During a brief audit of a SunONE Application Server installation on Windows 2000, SPI Labs discovered a number of vulnerabilities. Each of the vulnerabilities is described in detail below.
Issue 1: JSP source code disclosure
Severity: High
It is possible to view the ...
-
Severity: High
System Affected: IBM WebSphere Application 6 and prior.
Description: The practice of sharing the document root of the app server within the document root of the web server creates a security exposure that can result in the jsp source being served up as plain text by the web server. The plug-in has a set of rules used to determine ...
-
Severity: High
Systems Affected:
• WebLogic Server and Express 6.0
• WebLogic Server and Express 6.1
• WebLogic Server and Express 7.0
Description:
SPI Labs and S21sec have identified a serious vulnerability that could allow an attacker to gain unauthorized access to the applications and systems present on an affected WebLogic ...