Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5 up to and including 10.6 and Windows, and prior to 4.1 on Mac OS X 10.4, allow remote malicious users to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple safari 4.0.4 |
||
apple webkit |
||
apple safari 4.0.3 |
||
apple safari |
||
apple safari 4.0.0b |
||
apple safari 4.0 |
||
apple safari 4.0.2 |
||
apple safari 4.0.1 |
Vulmon