CVE-2007-0746
https://notcve.org/view.php?id=CVE-2007-0746
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". Desbordamiento de búfer basado en pila en el marco VideoConference en Apple Mac OS X 10.3.9 hasta la 10.4.9 permite a atacantes remotos ejecutar código de su elección a través de un "paquete manipulado SIP cuando se inicializa una conferencia audio/video". • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.kb.cert.org/vuls/id/969969 http://www.osvdb.org/34870 http://www.securityfocus.com/bid/23569 http://www.securitytracker.com/id?1017942 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 •
CVE-2007-0729
https://notcve.org/view.php?id=CVE-2007-0729
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. El cliente Apple File Protocol (AFP) en Apple Mac OS X 10.3.9 hasta la 10.4.9 no limpia de forma adecuada el entorno antes de la ejecución de comandos, lo cual permite a usuarios locales ganar privilegios a través de la configuración de variables de entorno no especificadas. • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.kb.cert.org/vuls/id/312424 http://www.osvdb.org/34858 http://www.securityfocus.com/bid/23569 http://www.securitytracker.com/id?1017944 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-0725
https://notcve.org/view.php?id=CVE-2007-0725
Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands." Desbordamiento de búfer en el módulo AirPortDriver para AirPort en Apple Mac OS X 10.3.9 hasta 10.4.9, al ejecutarse en hardware con la tarjeta wireless AirPort original, permite a usuarios locales ejecutar código de su elección "enviando comandos de control mal formados". • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.osvdb.org/34857 http://www.securityfocus.com/bid/23569 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 •
CVE-2007-0732
https://notcve.org/view.php?id=CVE-2007-0732
Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." Vulnerabilidad no especificada en el demonio CoreServices en CarbonCore en Apple Mac OS X 10.4 hasta 10.4.9 permite a usuarios locales ganar privilegios a través de vectores no especificados afectando a "la obtención del envío correcto en el puerto de la tarea Mach". • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.osvdb.org/34859 http://www.securityfocus.com/bid/23569 http://www.securitytracker.com/id?1017942 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 •
CVE-2007-1884
https://notcve.org/view.php?id=CVE-2007-1884
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. Errores múltiples en signo de entero en la familia de funciones printf en PHP 4 versiones anteriores a 4.4.5 y PHP 5 versiones anteriores a 5.2.1 en arquitecturas de 64 bits permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante (1) argumentos numéricos negativos concretos que aparecen en la función php_formatted_print debido al truncamiento de 64 a 32 bits, y evitar una comprobación del máximo valor permitido; y (2) una longitud y precisión de -1, lo cual hace posible a la función php_sprintf_appendstring situar un búfer interno en una posición de memoria de su elección. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 http://secunia.com/advisories/25423 http://secunia.com/advisories/25850 http://www.osvdb.org/33955 http://www.osvdb.org/34767 http://www.php-security.org/MOPB/MOPB-38-2007.html http://www.php.net/releases/5_2_1.php http://www.securityfocus.com/bid/23219 http://www.vupen.com/ •