CVSS: 7.6EPSS: 0%CPEs: 9EXPL: 2CVE-2008-7303
https://notcve.org/view.php?id=CVE-2008-7303
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516. • http://www.coresecurity.com/content/apple-osx-sandbox-bypass https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Miller/BlackHat-Japan-08-Miller-Hacking-OSX.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 21EXPL: 2CVE-2011-1516 – SAP NetWeaver Dispatcher - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-1516
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303. • https://www.exploit-db.com/exploits/18853 http://www.coresecurity.com/content/apple-osx-sandbox-bypass http://www.securityfocus.com/archive/1/520479/100/100/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 37EXPL: 1CVE-2011-4211
https://notcve.org/view.php?id=CVE-2011-4211
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. • http://blog.watchfire.com/files/googleappenginesdk.pdf http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes http://www.securityfocus.com/bid/50464 https://exchange.xforce.ibmcloud.com/vulnerabilities/71064 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 37EXPL: 1CVE-2011-4212
https://notcve.org/view.php?id=CVE-2011-4212
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction. • http://blog.watchfire.com/files/googleappenginesdk.pdf http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes https://exchange.xforce.ibmcloud.com/vulnerabilities/71063 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4213
https://notcve.org/view.php?id=CVE-2011-4213
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. El entorno Sandbox en el motor de aplicaciones de Google de Python SDK anterior a la versión 1.5.4, no impide apropiadamente el uso del módulo de sistema operativo, lo que permite a los usuarios locales omitir las restricciones de acceso previstas y ejecutar comandos arbitrarios por medio de una referencia file_blob_storage.os dentro del parámetro Code a _ah/admin/interactive/execute, una vulnerabilidad diferente a CVE-2011-1364. • http://blog.watchfire.com/files/googleappenginesdk.pdf http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes https://exchange.xforce.ibmcloud.com/vulnerabilities/71062 • CWE-264: Permissions, Privileges, and Access Controls •