Apple: >> Mac Os X >> 10.3.6 Security Vulnerabilities
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
CVSS Score
7.1
EPSS Score
0.007
Published
2007-05-29
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.
CVSS Score
2.1
EPSS Score
0.001
Published
2007-05-24
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
CVSS Score
7.2
EPSS Score
0.004
Published
2007-05-24
The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.
CVSS Score
7.5
EPSS Score
0.015
Published
2007-05-18
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVSS Score
10.0
EPSS Score
0.043
Published
2007-05-17
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
CVSS Score
5.8
EPSS Score
0.171
Published
2007-05-16
The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
CVSS Score
7.8
EPSS Score
0.005
Published
2007-04-24
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-04-24
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.
CVSS Score
7.2
EPSS Score
0.002
Published
2007-04-11
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location.
CVSS Score
6.8
EPSS Score
0.021
Published
2007-04-06