CVSS: 10.0EPSS: 12%CPEs: 9EXPL: 1CVE-2008-0599 – php: buffer overflow in a CGI path translation
https://notcve.org/view.php?id=CVE-2008-0599
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario a través de una URI manipulada. • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/30048 http://secunia.com/advisories/30083 http:/ • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.8EPSS: 8%CPEs: 8EXPL: 0CVE-2008-1026 – Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1026
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. Desbordamiento de entero en el compilador de expresiones regulares PCRE (JavaScriptCore/pcre/pcre_compile.cpp) en Apple WebKit, como se utiliza en Safari en versiones anteriores a 3.1.1, permite a atacantes remotos ejecutar código arbitrario a través de expresiones regulares con grandes conteos de repetición anidados, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html http://secunia.com/advisories/29846 http://secunia.com/advisories/31074 http://securityreason.com/securityalert/3815 http://support.apple.com/kb/HT1467 http://www.securityfocus.com/archive/1/490990/100/0/threaded http://www.securityfocus.com/bid/28815 http://www.securitytracker.com/id?1019870 http://www.vupen.com/english/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 2%CPEs: 4EXPL: 0CVE-2008-0060
https://notcve.org/view.php?id=CVE-2008-0060
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. Help Viewer en Apple Mac OS X 10.4.11 y 10.5.2, permite a atacantes remotos ejecutar Applescript de su elección a través de la URL help:topic_list, la cual inyecta HTML o JavaScript dentro de una página de listado de topic, tal y como se ha demostrado usando el enlace help:runscript. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28371 http://www.securitytracker.com/id?1019657 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41295 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0994
https://notcve.org/view.php?id=CVE-2008-0994
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. Preview en Apple Mac OS X 10.5.2 utiliza RC4 de 40 bits cuando guarda un archivo PDF encriptado, lo que facilita que atacantes remotos puedan descifrar el archivo a través de métodos de fuerza bruta. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28386 http://www.securitytracker.com/id?1019665 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41276 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0995
https://notcve.org/view.php?id=CVE-2008-0995
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. El componente Printing (Impresión) en Apple Mac OS X 10.5.2 utiliza un RC4 de 40 bits cuando imprime un archivo PDF encriptado, lo que facilita a los atacantes descifrar el archivo a través de métodos de fuerza bruta. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28387 http://www.securitytracker.com/id?1019667 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41287 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •