CVE-2009-2422
https://notcve.org/view.php?id=CVE-2009-2422
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. El código de ejemplo para la funcionalidad de autenticación digest (http_authentication.rb) en Ruby on Rails anterior a v2.3.3 define un bloque authenticate_or_request_with_http_digest que devolverá nulo en lugar de falso cuando el usuario no existe, lo cual permite a atacantes dependiendo del contexto eludir la autenticación para aplicaciones que se derivan de este ejemplo mediante el envío de un nombre de usuario no válido sin una contraseña. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s http://secunia.com/advisories/35702 http://support.apple.com/kb/HT4077 http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest http://www.securityfocus.com/bid/35579 http://www.vupen.com/english/advisories/2009/1802 https://exchange.xforce.ibmcloud.com/vulnerabilities/51528 • CWE-287: Improper Authentication •
CVE-2009-1719 – Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1719
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. Aqua Look and Feel para la implementación de Java en Java v1.5 en Mac OS X 10.5 permite a atacantes remotos ejecutar código arbitrario a través de una llamada a los indocumentados. El constructor apple.laf.CColourUIResource con un valor manipulado en el primer argumento, lo que permite desreferenciar como puntero. his vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Java HotSpot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the undocumented apple.laf.CColourUIResource(long, int, int ,int, int) constructor. When passing a long integer value as the first argument, the value is interpreted as pointer to an Objective-C object. By constructing a special memory structure and passing the pointer to the first argument an attacker may execute arbitrary code. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html http://support.apple.com/kb/HT3632 http://www.securityfocus.com/archive/1/504364/100/0/threaded http://www.securityfocus.com/bid/35381 http://www.securityfocus.com/bid/35401 http://www.zerodayinitiative.com/advisories/ZDI-09-043 https://exchange.xforce.ibmcloud.com/vulnerabilities/51185 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) mediante una solicitud de programación (scheduler) con dos etiquetas IPP_TAG_UNSUPPORTED consecutivas. • https://www.exploit-db.com/exploits/33020 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35322 http://secunia.com/advisories/35328 http://secunia.com/advisories/35340 http://secunia.com/advisories/35342 http://secunia.com/advisories/35685 http://secunia.com/advisories/36701 http://securitytracker.com/id?1022321 http://support.apple.com/kb/HT3865 http • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVE-2009-1717
https://notcve.org/view.php?id=CVE-2009-1717
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. Vulnerabilidad de desbordamiento de entero en Terminal de Apple Mac OS X en sus versiones v10.5 anteriores a v10.5.7. Permite a atacantes remotos ejecutar código de su elección o ejecutar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de valores de tamaño manipulados en la secuencia de escape de redimensionamiento de xterm CSI[4, lo que provoca un desbordamiento de buffer de la memoria dinámica (heap). • http://dvlabs.tippingpoint.com/advisory/TPTI-09-04 http://securitytracker.com/id?1022322 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/archive/1/504031/100/0/threaded http://www.securityfocus.com/bid/35182 https://exchange.xforce.ibmcloud.com/vulnerabilities/50982 • CWE-189: Numeric Errors •
CVE-2009-0943
https://notcve.org/view.php?id=CVE-2009-0943
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anteriores a v10.5.7 no verifica que las rutas HTML esten localizadas en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a través de una URL help: la que desencadena la invocación de archivos AppleScript. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022216 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50486 • CWE-20: Improper Input Validation •