CVE-2008-1000 – Apple Mac OSX Server 10.5 - Wiki Server Directory Traversal
https://notcve.org/view.php?id=CVE-2008-1000
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
• https://www.exploit-db.com/exploits/31412 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=2189 http://www.securityfocus.com/archive/1/489786/100/0/threaded http://www.securityfocus.com/bid/28278 http://www.securitytracker.com/id?1019660 http://www.vupen.com/english/advisories/2008/0924/references
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0993
https://notcve.org/view.php?id=CVE-2008-0993
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.
• http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28372 http://www.securitytracker.com/id?1019664 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-0047 – cups: heap based buffer overflow in cgiCompileSearch()
https://notcve.org/view.php?id=CVE-2008-0047
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
• http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29431 http://secunia.com/advisories/29448 http://secunia.com/advisories/29485 http://secunia.com/advisories/29573 http://secunia.com/advisories/29603 h
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow
CVE-2008-0987
https://notcve.org/view.php?id=CVE-2008-0987
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.
• http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00003.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29469 http://support.apple.com/kb/HT1232 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28363 http://www.securitytracker.com/id?1019659 http://www.securitytracker.com/id?1019683 http://www
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0998
https://notcve.org/view.php?id=CVE-2008-0998
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
• http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28385 http://www.securitytracker.com/id?1019674 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41281
• CWE-264: Permissions, Privileges, and Access Controls