CVE-2012-4672
https://notcve.org/view.php?id=CVE-2012-4672
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. Apple iChat Server no comprueba que se presente una solicitud para una respuesta XMPP Server Dialback, lo que permite a servidores remotos de XMPP falsificar dominios a través de las respuestas de dominios no confirmados. • http://xmpp.org/resources/security-notices/server-dialback https://exchange.xforce.ibmcloud.com/vulnerabilities/78133 • CWE-20: Improper Input Validation •
CVE-2007-3746
https://notcve.org/view.php?id=CVE-2007-3746
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. La interfaz Java de CoreAudio en Apple Mac OS X 10.3.9 y 10.4.10 no comprueba adecuadamente los límites de las operaciones de lectura y escritura del montículo, lo cual permite a atacantes remotos ejecutar código de su elección mediante un applet manipulado. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://securitytracker.com/id?1018492 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35727 •
CVE-2007-3748
https://notcve.org/view.php?id=CVE-2007-3748
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Desbordamiento de búfer en la implementación UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) de iChat en Apple Mac OS X 10.3.9 y 10.4.10 permite a atacantes remotos colindantes en la red, ejecutar código de su elección mediante un paquete manipulado. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://securitytracker.com/id?1018493 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35732 •
CVE-2007-3747
https://notcve.org/view.php?id=CVE-2007-3747
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet. La interfaz Java de CoreAudio en Apple Mac OS X 10.3.9 y 10.4.10 no restringe la instanciación y manipulación de objetos en direcciones de montículo válidad, lo cual permite a atacantes remotos ejecutar código de su elección mediante un applet manipulado. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://securitytracker.com/id?1018492 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35728 •
CVE-1999-0897
https://notcve.org/view.php?id=CVE-1999-0897
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. • http://marc.info/?l=bugtraq&m=90538488231977&w=2 •