Vulnerabilities > Apple > MAC OS X

DATE CVE VULNERABILITY TITLE RISK
2007-03-02 CVE-2007-1222 Local Security vulnerability in Parallels Desktop for Mac OS X
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.
local
low complexity
apple parallels
7.2
2007-02-23 CVE-2006-7034 SQL-Injection vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
7.5
2007-02-22 CVE-2007-1071 Integer Overflow vulnerability in Apple Mac OS X ImageIO GIF Image
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression.
network
low complexity
apple
7.8
2007-02-21 CVE-2007-1043 Authentication Bypass vulnerability in Ezboo Webstats 3.0.3
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
7.5
2007-02-16 CVE-2007-0710 Resource Management Errors vulnerability in Apple Ichat
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.
local
low complexity
apple CWE-399
2.1
2007-02-01 CVE-2007-0647 Products Format String vulnerability in Apple mac OS X 10.3.9
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
network
apple
7.1
2007-02-01 CVE-2007-0646 USE of Externally-Controlled Format String vulnerability in Apple Imovie, mac OS X and Safari
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.
network
apple CWE-134
7.1
2007-01-31 CVE-2007-0614 Remote Denial of Service vulnerability in Apple Ichat, Instant Message Framework and mac OS X
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
network
low complexity
apple
7.8
2007-01-31 CVE-2007-0467 Denial-Of-Service vulnerability in Apple mac OS X 10.4.8
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
local
high complexity
apple
6.2
2007-01-31 CVE-2007-0465 Unspecified vulnerability in Apple Installer and mac OS X
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.
network
high complexity
apple
7.6