
CVE-2007-6429 – xfree86: integer overflow in EVI extension
https://notcve.org/view.php?id=CVE-2007-6429
18 Jan 2008 — Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. Múltiples desbordamientos de búfer en X.Org Xserver versiones anteriores a 1.4.1 permiten a atacantes l... • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2007-4568 – xfs integer overflow in the build_range function
https://notcve.org/view.php?id=CVE-2007-4568
05 Oct 2007 — Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función build_range de X.Org X Font Server (xfs) anterior a 1.0.5 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección a través de peticiones de protocolo (2... • http://bugs.freedesktop.org/show_bug.cgi?id=12298 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVE-2007-4990 – xfs heap overflow in the swap_char2b function
https://notcve.org/view.php?id=CVE-2007-4990
05 Oct 2007 — The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. La función swap_char2b de X.Org X Font Server (xfs) anterior a 1.0.5 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante peticiones de protocol... • http://bugs.freedesktop.org/show_bug.cgi?id=12299 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVE-2007-5189
https://notcve.org/view.php?id=CVE-2007-5189
03 Oct 2007 — Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. Múltiples vulnerabilidades de inyección SQL en mes_add.php de x-script GuestBook 1.3a, cuando magic_quotes_gpc está desactivado, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) name, (2) email, (3) icq, y (4) website. • http://securityreason.com/securityalert/3186 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2007-4843 – Unreal Commander 0.92 - Directory Traversal
https://notcve.org/view.php?id=CVE-2007-4843
12 Sep 2007 — Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder. Vulnerabilidad de salto de directorio en X-Diesel Unreal Commander 0.92 construcción 565 y 573 permite a servidores FTP crear o sobrescribir archivos de su eleccióna través de la secuencia .. (punto punto) en un nombre de archivo. • https://www.exploit-db.com/exploits/30569 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2007-4844
https://notcve.org/view.php?id=CVE-2007-4844
12 Sep 2007 — X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting. X-Diesel Unreal Commander 0.92 build 565 y 573 no reacciona adecuadamente al comportamiento de un servidor FTP tras enviar un comando "CWD /", lo cual permite a servidores FTP remotos provocar ... • http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt • CWE-20: Improper Input Validation •

CVE-2007-4730 – X.org composite extension buffer overflow
https://notcve.org/view.php?id=CVE-2007-4730
11 Sep 2007 — Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. Desbordamiento de búfer en la función compNewPixmap de compalloc.c en la extensión Composite para el servidor X11 X.org anterior a 1.4 permite a usuarios locales ejecutar código de su elección copiando datos de un mapa de píxeles con gran profundidad de píxel ... • http://bugs.freedesktop.org/show_bug.cgi?id=7447 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-4545 – Unreal Commander 0.92 - ZIP / RAR Archive Handling Traversal Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2007-4545
27 Aug 2007 — Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive. Múltiples vulnerabilidades de salto de directorio en Unreal Commander 0.92 construcción 565 y 573 permite a atacantes remotos con la intervención del usuario crear o sobrescribir archivos de su elección a través de una secuencia ..(punto punto) en un nombre de archivo con un ar... • https://www.exploit-db.com/exploits/30521 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2007-4546
https://notcve.org/view.php?id=CVE-2007-4546
27 Aug 2007 — Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation. Unreal Commander 0.92 construcción 565 y 573 lista los nombres de archivo desde el directorio central de un archivo ZIP, pero extrae los nombres de fichero locales que corresponden a los nombres de lo... • http://osvdb.org/45831 •

CVE-2007-4547
https://notcve.org/view.php?id=CVE-2007-4547
27 Aug 2007 — Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. NOTE: this issue is only a vulnerability if Unreal is run with privileges, or if the extracted files are made accessible to other users. Unreal Commander 0.92 construcción 565 y 573 escribe porciones de la pila de memo... • http://osvdb.org/45832 •