Apple Mac Os X Server vulnerabilities
654 known vulnerabilities affecting apple/mac_os_x_server.
Total CVEs: 654
CISA KEV: 0
Public exploits: 50
Exploited in wild: 0
Severity breakdown: CRITICAL 75, HIGH 157, MEDIUM 363, LOW 59
Vulnerabilities
Page 20 of 33
CVE-2008-1032 | MEDIUM | CVSS 6.8 | v10.4.11, v10.5, +2 more | 2008-06-02
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4
nvd
CVE-2008-1571 | MEDIUM | CVSS 5.0 | CWE-22 | v10.4.11 | 2008-06-02
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
nvd
CVE-2008-1036 | MEDIUM | CVSS 4.3 | CWE-79 | v10.4.11, v10.5, +2 more | 2008-06-02
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
nvd
CVE-2008-1027 | MEDIUM | CVSS 4.3 | CWE-264 | v10.4.11, v10.5, +2 more | 2008-06-02
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
nvd
CVE-2008-1578 | LOW | CVSS 2.1 | CWE-200 | v10.4.11, v10.5, +2 more | 2008-06-02
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
nvd
CVE-2008-0599 | CRITICAL | CVSS 9.8 | CWE-131 | fixed in 10.5.4 | 2008-05-05
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
nvd
CVE-2008-0063 | HIGH | CVSS 7.5 | CWE-908 | fixed in 10.4.11; ≥ 10.5.0, < 10.5.2 | 2008-03-19
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
nvd
CVE-2008-0055 | HIGH | CVSS 7.2 | CWE-362 | v10.4.11 | 2008-03-18
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.
nvd
CVE-2008-1000 | HIGH | CVSS 8.5 | PoC | CWE-22 | v10.5.2 | 2008-03-18
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
nvd
CVE-2008-0999 | HIGH | CVSS 7.1 | CWE-20 | v10.5.2 | 2008-03-18
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.
nvd
CVE-2008-0045 | HIGH | CVSS 7.1 | CWE-264 | v10.4.11 | 2008-03-18
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
nvd
CVE-2008-0056 | MEDIUM | CVSS 6.8 | CWE-119 | v10.4.11 | 2008-03-18
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
nvd
CVE-2008-0997 | MEDIUM | CVSS 6.8 | CWE-119 | v10.4.11 | 2008-03-18
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.
nvd
CVE-2008-0054 | MEDIUM | CVSS 6.4 | CWE-20 | v10.4.11 | 2008-03-18
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
nvd
CVE-2008-0052 | MEDIUM | CVSS 6.8 | CWE-200 | v10.4.11 | 2008-03-18
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
nvd
CVE-2008-0050 | MEDIUM | CVSS 5.0 | CWE-200 | v10.4.11 | 2008-03-18
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
nvd
CVE-2008-0998 | MEDIUM | CVSS 6.9 | CWE-264 | v10.4.11, v10.5.2 | 2008-03-18
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
nvd
CVE-2008-0989 | MEDIUM | CVSS 6.9 | CWE-134 | v10.5.2 | 2008-03-18
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
nvd
CVE-2008-0992 | MEDIUM | CVSS 5.8 | CWE-119 | v10.5.2 | 2008-03-18
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
nvd
CVE-2008-0058 | MEDIUM | CVSS 5.8 | CWE-362 | v10.4.11 | 2008-03-18
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
nvd