Page 117 of 613 results (0.014 seconds)

CVSS: 7.6EPSS: 3%CPEs: 8EXPL: 2

HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler. HelpViewer en Mac OS X 10.3.3 y 10.2.8 procesa scripts que no inició, lo que puede permitir a atacantes ejecuatar código de su elección, un problema que fue reportado originalmente como una vulnerabilidad de atravesamiento de directorios en el navegador web Safari usanto el manejador de URI help: • https://www.exploit-db.com/exploits/24121 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0837.html http://lists.apple.com/mhonarc/security-announce/msg00053.html http://secunia.com/advisories/11622 http://securitytracker.com/id?1010167 http://www.fundisom.com/owned/warning http://www.kb.cert.org/vuls/id/578798 http://www.osvdb.org/6184 http://www.securityfocus.com/bid/10356 https://exchange.xforce.ibmcloud.com/vulnerabilities/16166 •

CVSS: 5.1EPSS: 10%CPEs: 2EXPL: 3

Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field. Desbordamiento de búfer basado en la pila en AppleFileServer de MAC OS X 10.3.3 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante un paquete LoginExt para un método de autenticación de usuario (User Authentication Method - UAM) con contraseña en texto plano con un arguemento PathName que incluye un cadena de tipo de AFPName más larga que el campo de longitud asociado. • https://www.exploit-db.com/exploits/16863 https://www.exploit-db.com/exploits/9931 https://www.exploit-db.com/exploits/391 http://lists.apple.com/mhonarc/security-announce/msg00049.html http://secunia.com/advisories/11539 http://securitytracker.com/id?1010039 http://www.atstake.com/research/advisories/2004/a050304-1.txt http://www.kb.cert.org/vuls/id/648406 http://www.securiteam.com/securitynews/5QP0115CUO.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16049 •

CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0

Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. • http://lists.virus.org/macsec-0405/msg00000.html http://secunia.com/advisories/11539 http://securitytracker.com/id?1010045 http://www.auscert.org.au/render.html?it=4070 http://www.securityfocus.com/bid/10270 https://exchange.xforce.ibmcloud.com/vulnerabilities/16051 •

CVSS: 5.0EPSS: 0%CPEs: 252EXPL: 0

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •

CVSS: 5.0EPSS: 0%CPEs: 245EXPL: 0

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegación de servicio. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http: • CWE-125: Out-of-bounds Read •