CVE-2007-2401 – Apple WebCore - XMLHTTPRequest Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2401
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. Una vulnerabilidad de inyección de CRLF en WebCore en Mac OS X las versiones 10.3.9, 10.4.9 y posterior, y iPhone anterior a la versión 1.0.1, permite a atacantes remotos inyectar encabezados HTTP arbitrarios por medio de caracteres LF en una petición XMLHttpRequest, que no se filtran al serializar los encabezados por medio de la función setRequestHeader. NOTA: este problema puede explotarse por ataques de tipo cross-site scripting (XSS). • https://www.exploit-db.com/exploits/30228 http://docs.info.apple.com/article.html?artnum=305759 http://docs.info.apple.com/article.html?artnum=306173 http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html http://osvdb.org/36449 http://secunia.com/advisories/25786 http://secunia.com/advisories/26287 http://www.kb.cert.org/vuls/id/845708 http://www.securityfocus.com/archive/1/472198/100/0/threaded http://www.securityfocus.com/bid/24598 http://ww • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-2399
https://notcve.org/view.php?id=CVE-2007-2399
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. WebKit en Apple Mac OS X versiones 10.3.9, 10.4.9 y posteriores, y iPhone versiones anteriores a 1.0.1, realiza una "invalid type conversion", que permite a atacantes remotos ejecutar código arbitrario por medio de conjuntos de tramas no especificados que desencadenan una corrupción de memoria. • http://docs.info.apple.com/article.html?artnum=305759 http://docs.info.apple.com/article.html?artnum=306173 http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html http://osvdb.org/36130 http://osvdb.org/36450 http://secunia.com/advisories/25786 http://secunia.com/advisories/26287 http://www.kb.cert.org/vuls/id/389868 http://www.securityfocus.com/bid/24597 http://www.securitytracker.com/id?1018281 http://www.vupen.com/english/advisories/2007/2296 •
CVE-2007-0750
https://notcve.org/view.php?id=CVE-2007-0750
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. Desbordamiento de entero en el CoreGraphics del Apple Mac OS X 10.4 hasta la 10.4.9 permite a atacantes con la intervención del usuario provocar una denegación de servicio (terminación de la aplicación) o ejecutar código de su elección a través de un fichero PDF modificado. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/25402 http://www.osvdb.org/35146 http://www.securityfocus.com/bid/24144 http://www.securitytracker.com/id?1018114 http://www.vupen.com/english/advisories/2007/1939 https://exchange.xforce.ibmcloud.com/vulnerabilities/34499 •
CVE-2007-0753 – Apple Mac OSX 10.4.9 - VPND Local Format String
https://notcve.org/view.php?id=CVE-2007-0753
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. Una vulnerabilidad de cadena de formato en el demonio VPN (vpnd) en Apple Mac OS X versiones 10.3.9 y 10.4.9 permite a los usuarios locales ejecutar código arbitrario por medio del parámetro -i. • https://www.exploit-db.com/exploits/30096 https://www.exploit-db.com/exploits/4013 http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/25402 http://www.osvdb.org/35143 http://www.securityfocus.com/archive/1/469882/100/0/threaded http://www.securityfocus.com/archive/1/469889/100/0/threaded http://www.securityfocus.com/bid/24144 http://www.securityfocus.com/bid/2420 • CWE-134: Use of Externally-Controlled Format String •
CVE-2007-0752 – Apple Mac OSX 10.4.8 - pppd Plugin Loading Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-0752
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. El demonio PPP (pppd) en el Apple Mac OS X 10.4.8 comprueba la propiedad del descriptor del fichero stdin para determinar si el solicitante tiene suficientes privilegios, lo que permite a usuarios locales cargar extensiones de su elección y obtener privilegios de administrador evitando estas comprobaciones. • https://www.exploit-db.com/exploits/3985 http://docs.info.apple.com/article.html?artnum=305530 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/25402 http://www.osvdb.org/35144 http://www.securityfocus.com/bid/24144 http://www.securitytracker.com/id?1018124 http://www.vupen.com/english/advisories/2007/1939 https://exchange.xforce.ibmcloud.com/vulnerabilities •