CVE-2007-0646

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

Publication date: Thu, 01 Feb 2007 06:28:00 +0000

Cyber News related to CVE-2007-0646

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2007-0646 - Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled ...
13 years ago

CVE-2002-0646 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0371. Reason: This candidate is a reservation duplicate of CVE-2002-0371. Notes: CVE-2002-0371 should be used instead of this candidate. All references and descriptions in this ...
54 years ago Tenable.com

CVE-2010-4152 - SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646. ...
6 years ago

CVE-2020-0646 - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. ...
2 years ago

CVE-2021-0646 - In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no ...
3 years ago

CVE-2006-0646 - ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the ...
16 years ago

CVE-2000-0646 - WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred. ...
16 years ago

CVE-2003-0646 - Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. ...
16 years ago

CVE-2008-0646 - The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion ...
13 years ago

CVE-2013-0646 - Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android ...
10 years ago

CVE-2014-0646 - The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by ...
10 years ago

CVE-2005-0646 - SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. ...
8 years ago

CVE-2015-0646 - Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of ...
7 years ago

CVE-2017-0646 - An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. ...
7 years ago

CVE-2004-0646 - Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header ...
7 years ago

CVE-2011-0646 - SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter. ...
7 years ago

CVE-2010-0646 - Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. ...
7 years ago

CVE-2001-0646 - Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length. ...
7 years ago

CVE-2009-0646 - Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i ...
6 years ago

CVE-2018-0646 - Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. ...
6 years ago

CVE-2012-0646 - Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. ...
5 years ago

CVE-2019-0646 - A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team. ...
5 years ago

CVE-2016-0646 - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. ...
4 years ago

CVE-2023-0646 - A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be ...
1 year ago

Latest Cyber News

CVE-2024-52739 - 1 day ago
CVE-2018-9483 - 1 day ago
CVE-2018-9485 - 1 day ago
CVE-2018-9487 - 1 day ago
CVE-2018-9470 - 1 day ago
CVE-2018-9472 - 1 day ago
CVE-2018-9477 - 1 day ago
CVE-2024-11492 - 1 day ago
CVE-2024-52770 - 1 day ago
CVE-2024-52796 - 1 day ago
CVE-2024-52769 - 1 day ago
CVE-2024-51162 - 1 day ago
CVE-2024-52725 - 1 day ago
CVE-2024-11491 - 1 day ago
CVE-2024-11490 - 1 day ago
CVE-2024-11488 - 1 day ago
CVE-2024-11486 - 1 day ago
CVE-2024-11487 - 1 day ago
CVE-2024-11485 - 1 day ago
CVE-2024-52471 - 1 day ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-52282 - 2 days ago
CVE-2024-11278 - 1 day ago
CVE-2024-9653 - 1 day ago
CVE-2024-10515 - 1 day ago
CVE-2024-52614 - 1 day ago
CVE-2024-9239 - 1 day ago
CVE-2024-10855 - 1 day ago
CVE-2024-10899 - 1 day ago
CVE-2024-10900 - 1 day ago
CVE-2024-11277 - 1 day ago
CVE-2024-48895 - 1 day ago
CVE-2024-47865 - 1 day ago
CVE-2024-52033 - 1 day ago
CVE-2024-11176 - 1 day ago
CVE-2024-10126 - 1 day ago
CVE-2024-10127 - 1 day ago
CVE-2024-11179 - 1 day ago
CVE-2024-11494 - 1 day ago
CVE-2024-10665 - 1 day ago
CVE-2024-10891 - 1 day ago