CVSS: 9.3EPSS: 92%CPEs: 75EXPL: 0CVE-2007-0714 – Apple Quicktime UDTA Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0714
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. Un desbordamiento de enteros en Apple QuickTime anterior a la versión 7.1.5 permite a atacantes remotos asistidos por el usuario causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de una película QuickTime creada con un User Data Atom (UDTA) con un campo Atom size con un valor largo. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of forged size fields in user-defined data atoms (UDTA). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. • http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0003.html http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://osvdb.org/33902 http://secunia.com/advisories/24359 http://secway.org/advisory/AD20070306.txt http://www.kb.cert.org/vuls/id/861817 http://www.securityfocus.com/archive/1/461999/100/0/threaded http://www.securityfocus.com/archive/1/462153/100/0/threaded http://www. • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2007-1222
https://notcve.org/view.php?id=CVE-2007-1222
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. Parallels Desktop para Mac anterior a 20070216 implementa Drag y Drop compartiendo el sistema de ficheros del host completamente como el compartido .hsf, lo caul permite a usuarios locales del sistemas operativo invitado escribir archivos de su elección a través del fichero de sistema host y ejecutar código de su elección a través de la creación con la escritura de un archivo plist en un directorio LaunchAgents. • http://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html http://osvdb.org/33799 http://secunia.com/advisories/24171 •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2006-7034
https://notcve.org/view.php?id=CVE-2006-7034
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. Vulnerabilidad de inyección SQL en directory.php en Super Link Exchange Script 1.0 podría permitir a atacantes remotos ejecutar consultas SQL de su elección a través del parámetro cat. • http://securityreason.com/securityalert/2285 http://www.securityfocus.com/archive/1/435166/30/4680/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 •
CVSS: 7.8EPSS: 59%CPEs: 2EXPL: 2CVE-2007-1071 – Apple Mac OSX 10.4.8 - ImageIO GIF Image Integer Overflow
https://notcve.org/view.php?id=CVE-2007-1071
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. Desbordamiento de enteros en la función gifGetBandProc del ImageIO en Apple Mac OS X 10.4.8 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) y, posiblemente, ejecutar código de su elección mediante una imagen GIF manipulada que dispara el desbordamiento durante la descompresión. NOTA: es una vulnerabilidad diferente a la CVE-2006-3502 y a la CVE-2006-3503. • https://www.exploit-db.com/exploits/29620 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://secunia.com/advisories/24479 http://security-protocols.com/sp-x39-advisory.php http://www.kb.cert.org/vuls/id/559444 http://www.osvdb.org/34854 http://www.securityfocus.com/bid/22630 http://www.securitytracker.com/id?1017758 http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www& •
CVSS: 7.5EPSS: 4%CPEs: 18EXPL: 2CVE-2007-1043 – Ezboo Webstats 3.03 - Administrative Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-1043
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. Ezboo webstats, posiblemente la 3.0.3, permite a atacantes remotos evitar la autenticación y obtener una vía de acceso mediante una petición directa al (1) update.php y (2) config.php. • https://www.exploit-db.com/exploits/29610 http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 http://osvdb.org/34181 http://securityreason.com/securityalert/2275 http://www.securityfocus.com/archive/1/460325/100/0/threaded http://www.securityfocus.com/bid/22590 https://exchange.xforce.ibmcloud.com/vulnerabilities/32563 •