CVE-2007-4708
https://notcve.org/view.php?id=CVE-2007-4708
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. Vulnerabilidad de cadena de formato en Address Book de Apple Mac OS X 10.4.11, permite que atacantes remotos ejecuten código arbitrario a través de un manejador URL • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/28136 http://securitytracker.com/id?1019106 http://www.securityfocus.com/bid/26910 http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.vupen.com/english/advisories/2007/4238 https://exchange.xforce.ibmcloud.com/vulnerabilities/39092 • CWE-134: Use of Externally-Controlled Format String •
CVE-2007-5847
https://notcve.org/view.php?id=CVE-2007-5847
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. Condición de carrera en la API CFURLWriteDataAndPropertiesToResource del Core Foundation de Apple Mac OS X 10.4.11. Crea ficheros con permisos no seguros, lo cual podría permitir a usuarios locales obtener información sensible. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/28136 http://securitytracker.com/id?1019106 http://www.securityfocus.com/bid/26910 http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.vupen.com/english/advisories/2007/4238 https://exchange.xforce.ibmcloud.com/vulnerabilities/39095 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2007-4709
https://notcve.org/view.php?id=CVE-2007-4709
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. Vulnerabilidad de cruce de directorios en CFNetwork de Apple Mac OS X 10.5.1, Permite que atacantes remotos sobreescriban ficheros a su elección, a través de una respuesta HTTP • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/28136 http://securitytracker.com/id?1019106 http://www.securityfocus.com/bid/26910 http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.vupen.com/english/advisories/2007/4238 https://exchange.xforce.ibmcloud.com/vulnerabilities/39093 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-5850
https://notcve.org/view.php?id=CVE-2007-5850
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. Desbordamiento de búfer basado en montículo en Destop Services de Apple Mac OS X 10.4.11 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante un directorio con un archivo .DS_Store manipulado. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/28136 http://securitytracker.com/id?1019106 http://www.securityfocus.com/bid/26910 http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.vupen.com/english/advisories/2007/4238 https://exchange.xforce.ibmcloud.com/vulnerabilities/39098 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5854
https://notcve.org/view.php?id=CVE-2007-5854
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. Launch Services en Apple Mac OS X 10.4.11 y 10.5.1 no considera los archivos HTML como contenido no seguro, lo cual permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) u obtener información sensible a través de un archivo HTML manipulado. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/28136 http://securitytracker.com/id?1019106 http://www.securityfocus.com/bid/26910 http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.vupen.com/english/advisories/2007/4238 https://exchange.xforce.ibmcloud.com/vulnerabilities/39102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •