8517 matches found
CVE-2007-0645
Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions...
Ipswitch WS_FTP 2007 SCP处理格式串漏洞
Ipswitch WSFTP是一款FTP服务程序。 Ipswitch WSFTP包含的SCP模块存在格式串问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 打开特殊构建的SCP文件,WSFTP 2007脚本会导致格式串错误。特殊构建文件使用WSFTP脚本命令"SHELL"和执行特殊文件名。文件使用"file://"访问。 Ipswitch WS FTP Server Professional 2007 目前没有解决方案提供,请关注以下链接: http://www.ipswitch.com/products/wsftp/home/index.asp...
MOAB-30-01-2007: Multiple Apple Software Format String Vulnerabilities
Summary As MOAB begins to come to a close we have decided that it is time for a montage of some sort. By definition alone we can bring you nothing short of a closely juxtaposed composite of pure pwnage. Lucky for us Apple's AppKit framework and a few Apple Developers are all we need. Previously w...
CVE-2007-0647
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function...
Apple multiple applications format string vulnerabilities
Format string vulnerabilities in multiple client applications...
Xine M3U远程格式串漏洞
Xine是一款开放源代码的媒体处理程序。 Xine处理.m3u文件存在格式串问题,远程攻击者可以利用漏洞以应用程序执行任意指令。 构建恶意.m3u文件,会导致VLC播放程序处理时崩溃,导致任意指令执行。 xine xine-ui 0.99.4 xine xine-ui 0 MandrakeSoft Linux Mandrake 2007.0 x8664 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 3.0 x8664 MandrakeSoft Corporate Server 3.0...
CVE-2007-0647
CVE-2007-0647 describes a format string vulnerability in Help Viewer 3.0.0 that allows remote user‑assisted attackers to cause a denial of service (crash) via malformed format specifiers in a filename, triggered when calling the NSBeginAlertSheet Apple AppKit function. The vulnerability affects H...
CVE-2007-0644
CVE-2007-0644 affects Apple Safari 2.0.4 (419.3). The issue is a format string vulnerability where untrusted format specifiers in filenames are mishandled when calling AppKit’s NSLog and NSBeginAlertSheet, leading to remote user‑assisted denial of service (crash). Affected component: Safari 2.0.4...
CVE-2007-0646
CVE-2007-0646 describes a format string vulnerability in iMovie HD 6.0.3 and Safari on Mac OS X 10.4–10.4.10. The issue arises when handling format specifiers in filenames passed to NSRunCriticalAlertPanel, allowing remote user‑assisted crashes (DoS). Connected Nessus entries reference Mac OS X S...
CVE-2007-0645
CVE-2007-0645 affects iPhoto 6.0.5 and is a format-string vulnerability in filenames that is triggered during calls to Apple AppKit functions. The vulnerability is described as allowing remote user‑assisted attackers to cause a denial of service (crash). The primary sources (NVD and CVE records) ...
CVE-2007-0644
Format string vulnerability in Apple Safari 2.0.4 419.3 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in filenames that are not properly handled when calling the 1 NSLog and 2 NSBeginAlertSheet Apple AppKit functions...
CVE-2007-0465
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a 1 PKG, 2 DISTZ, or 3 MPKG package filename...
CVE-2007-0465
CVE-2007-0465 describes a format-string vulnerability in Apple’s Installer (Mac OS X 10.4.8, Apple Installer 2.1.5). The flaw arises during parsing of package filenames that can contain format specifiers in (PKG, DISTZ, MPKG) files, enabling a user-assisted remote attacker to execute arbitrary co...
CVE-2007-0465
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a 1 PKG, 2 DISTZ, or 3 MPKG package filename...
Apple Mac OSX 10.4.x - Safari window.console.log Format String
Apple Mac OSX 10.4.x - Safari window.console.log Format String source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. Exploiting thes...
Apple Mac OSX 10.4.x - Help Viewer .help Filename Format String
Apple Mac OSX 10.4.x - Help Viewer .help Filename Format String source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. Exploiting the...
Apple Mac OSX 10.4.x - iMovie HD .imovieproj Filename Format String
Apple Mac OSX 10.4.x - iMovie HD .imovieproj Filename Format String source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. Exploiting...
Apple Mac OSX 10.4.x - iPhoto photo: URL Handling Format String
Apple Mac OSX 10.4.x - iPhoto photo: URL Handling Format String source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. Exploiting the...
Apple Mac OSX 10.4.x - Safari window.console.log Format String
source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. Exploiting these issues can allow attacker-supplied data to be written to...
Apple Mac OSX 10.4.x - iPhoto 'photo://' URL Handling Format String
source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. Exploiting these issues can allow attacker-supplied data to be written to...