CVE-2007-1222
https://notcve.org/view.php?id=CVE-2007-1222
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. • http://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html http://osvdb.org/33799 http://secunia.com/advisories/24171 •
CVE-2006-7034
https://notcve.org/view.php?id=CVE-2006-7034
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. • http://securityreason.com/securityalert/2285 http://www.securityfocus.com/archive/1/435166/30/4680/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 •
CVE-2007-1071 – Apple Mac OSX 10.4.8 - ImageIO GIF Image Integer Overflow
https://notcve.org/view.php?id=CVE-2007-1071
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. • https://www.exploit-db.com/exploits/29620 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://secunia.com/advisories/24479 http://security-protocols.com/sp-x39-advisory.php http://www.kb.cert.org/vuls/id/559444 http://www.osvdb.org/34854 http://www.securityfocus.com/bid/22630 http://www.securitytracker.com/id?1017758 http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www& •
CVE-2007-1043 – Ezboo Webstats 3.03 - Administrative Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-1043
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. • https://www.exploit-db.com/exploits/29610 http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 http://osvdb.org/34181 http://securityreason.com/securityalert/2275 http://www.securityfocus.com/archive/1/460325/100/0/threaded http://www.securityfocus.com/bid/22590 https://exchange.xforce.ibmcloud.com/vulnerabilities/32563 •
CVE-2007-0710 – Apple iChat Bonjour 3.1.6.441 - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0710
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614. • https://www.exploit-db.com/exploits/3230 http://docs.info.apple.com/article.html?artnum=305102 http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html http://secunia.com/advisories/24198 http://www.kb.cert.org/vuls/id/836024 http://www.osvdb.org/32713 http://www.securityfocus.com/bid/22304 http://www.securitytracker.com/id?1017661 • CWE-399: Resource Management Errors •