CVSS: 7.8EPSS: 5%CPEs: 43EXPL: 0CVE-2007-3073
https://notcve.org/view.php?id=CVE-2007-3073
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. Vulnerabilidad de salto de directorio en Mozilla Firefox 2.0.0.4 y anteriores en Mac OS X y Unix permite a atacantes remotos leer archivos de su elección mediante secuencias ..%2F (punto punto, barra codificada) en un URI resource://. • http://ha.ckers.org/blog/20070516/read-firefox-settings-poc http://larholm.com/2007/05/25/firefox-0day-local-file-reading http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004 http://osvdb.org/35920 http://secunia.com/advisories/25481 http://www.securityfocus.com/archive/1/470500/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=367428 https://bugzilla.mozilla.org/show_bug.cgi?id=380994 •
CVSS: 7.1EPSS: 1%CPEs: 43EXPL: 0CVE-2007-2389
https://notcve.org/view.php?id=CVE-2007-2389
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. Apple QuickTime para Java 7.1.6 en Mac OS X y Windows no limpia zonas de memoria potencialmente sensibles antes de usarla, lo cual permite a atacantes remotos leer la memoria desde un navegador web a través de vectores desconocidos relacionados con applets Java. • http://lists.apple.com/archives/security-announce/2007/May/msg00005.html http://secunia.com/advisories/25130 http://www.kb.cert.org/vuls/id/434748 http://www.osvdb.org/35575 http://www.securityfocus.com/bid/24222 http://www.securitytracker.com/id?1018136 http://www.vupen.com/english/advisories/2007/1974 https://exchange.xforce.ibmcloud.com/vulnerabilities/34571 •
CVSS: 9.3EPSS: 2%CPEs: 43EXPL: 0CVE-2007-2388
https://notcve.org/view.php?id=CVE-2007-2388
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations. Apple QuickTime para Java versión 7.1.6 en Mac OS X y Windows, no restringe apropiadamente la subclase de QTObject, lo que permite a atacantes remotos ejecutar código arbitrario por medio de una página web que contiene una clase definida por el usuario que accede a funciones no seguras que pueden ser aprovechadas para escribir en ubicaciones de memoria arbitrarias. • http://lists.apple.com/archives/security-announce/2007/May/msg00005.html http://secunia.com/advisories/25130 http://secunia.com/secunia_research/2007-52/advisory http://www.kb.cert.org/vuls/id/995836 http://www.osvdb.org/35576 http://www.securityfocus.com/bid/24221 http://www.securitytracker.com/id?1018136 http://www.vupen.com/english/advisories/2007/1974 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 20EXPL: 0CVE-2007-0750
https://notcve.org/view.php?id=CVE-2007-0750
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. Desbordamiento de entero en el CoreGraphics del Apple Mac OS X 10.4 hasta la 10.4.9 permite a atacantes con la intervención del usuario provocar una denegación de servicio (terminación de la aplicación) o ejecutar código de su elección a través de un fichero PDF modificado. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/25402 http://www.osvdb.org/35146 http://www.securityfocus.com/bid/24144 http://www.securitytracker.com/id?1018114 http://www.vupen.com/english/advisories/2007/1939 https://exchange.xforce.ibmcloud.com/vulnerabilities/34499 •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 0CVE-2007-2390
https://notcve.org/view.php?id=CVE-2007-2390
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. Desbordamiento de búfer en el iChat del Apple Mac OS X 10.3.9 y 10.4.9 permite a atacantes remotos causar una denegación de servicio (terminación de la aplicación) y, posiblemente, ejecutar código de su elección a través de un paquete UPnP Internet Gateway Device (IGD) manipulado. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/25402 http://www.kb.cert.org/vuls/id/116100 http://www.osvdb.org/35141 http://www.securityfocus.com/bid/24144 http://www.securitytracker.com/id?1018119 http://www.vupen.com/english/advisories/2007/1939 https://exchange.xforce.ibmcloud.com/vulnerabilities/34502 •