Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
CWE-20
CVE-2008-1028
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
CVE-2008-1030
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
CVE-2008-0982
Spyce – Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message.
CVE-2008-0999
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.
CVE-2008-0932
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.