CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0513
https://notcve.org/view.php?id=CVE-2004-0513
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls." Vulnerabilidad no especificada en Mac OS X versiones anteriores a 10.3.4, tiene un impacto desconocido y vectores de ataque relacionados con "registro de sucesos cuando se siguen llamadas del sistema". • http://lists.apple.com/archives/security-announce/2004/May/msg00005.html http://www.securityfocus.com/bid/10432 http://www.securitytracker.com/alerts/2004/May/1010329.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16291 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0485
https://notcve.org/view.php?id=CVE-2004-0485
The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. El ayudante de protocolo para URI "disk:" en Mac OX X 10.3.3 y 10.2.8 permite a atacantes remotos escribir ficheros arbitrarios haciendo que un fichero de imagen de disco (.dmg) sea montado como un volumen de disco. • http://fundisom.com/owned/warning http://lists.apple.com/mhonarc/security-announce/msg00053.html http://lists.seifried.org/pipermail/security/2004-May/003743.html http://secunia.com/advisories/11622 http://www.kb.cert.org/vuls/id/210606 https://exchange.xforce.ibmcloud.com/vulnerabilities/16166 •
CVSS: 7.6EPSS: 3%CPEs: 8EXPL: 2CVE-2004-0486 – Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution
https://notcve.org/view.php?id=CVE-2004-0486
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler. HelpViewer en Mac OS X 10.3.3 y 10.2.8 procesa scripts que no inició, lo que puede permitir a atacantes ejecuatar código de su elección, un problema que fue reportado originalmente como una vulnerabilidad de atravesamiento de directorios en el navegador web Safari usanto el manejador de URI help: • https://www.exploit-db.com/exploits/24121 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0837.html http://lists.apple.com/mhonarc/security-announce/msg00053.html http://secunia.com/advisories/11622 http://securitytracker.com/id?1010167 http://www.fundisom.com/owned/warning http://www.kb.cert.org/vuls/id/578798 http://www.osvdb.org/6184 http://www.securityfocus.com/bid/10356 https://exchange.xforce.ibmcloud.com/vulnerabilities/16166 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2004-0489
https://notcve.org/view.php?id=CVE-2004-0489
Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option. Vulnerabilidad de inyección de argumentos en el manejador de URI SSH de Safari sobre Mac OS 10.3.3 y anteriores permite a atacantes remotos (1) ejecutar código de su elección mediante la opción ProxyCommand o (2) hacer reenvío de puertos mediante la opción -R. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html http://www.insecure.ws/article.php?story=200405222251133 https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.1EPSS: 10%CPEs: 2EXPL: 3CVE-2004-0430 – AppleFileServer (OSX) - LoginExt PathName Overflow
https://notcve.org/view.php?id=CVE-2004-0430
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field. Desbordamiento de búfer basado en la pila en AppleFileServer de MAC OS X 10.3.3 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante un paquete LoginExt para un método de autenticación de usuario (User Authentication Method - UAM) con contraseña en texto plano con un arguemento PathName que incluye un cadena de tipo de AFPName más larga que el campo de longitud asociado. • https://www.exploit-db.com/exploits/16863 https://www.exploit-db.com/exploits/9931 https://www.exploit-db.com/exploits/391 http://lists.apple.com/mhonarc/security-announce/msg00049.html http://secunia.com/advisories/11539 http://securitytracker.com/id?1010039 http://www.atstake.com/research/advisories/2004/a050304-1.txt http://www.kb.cert.org/vuls/id/648406 http://www.securiteam.com/securitynews/5QP0115CUO.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16049 •