macos software vulnerabilities
vulnerabilities.aspcode.net
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier on MacOS systems allows remote attackers to cause a denial of service via a long USER command to port 106.
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session.
The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using an HTTP redirection, in violation of the Java security model.
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.
Point to Point Protocol daemon (pppd) in MacOS X 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.
Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
Cross-site scripting vulnerability in AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code.
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon.
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.
Software vulnerabilities results 1 to 19 of 19