Page 15 of 74 results (0.008 seconds)

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y posiblemente otros productos, permite a usuarios locales crear archivos de su elección mediante un ataque de enlace simbólico en el fichero simulation.sql. • http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html http://secunia.com/advisories/22390 http://secunia.com/advisories/27441 http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl http://www.securityfocus.com/bid/20562 http://www.securitytracker.com/id?1018872 http://www.vupen.com/english/advisories/2007/3665 •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. Vulnerabilidad de ruta de búsqueda en un fichero no confiable en OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y posiblemente otros productos, permite a usuarios locales ejecutar código de su elección mediante una ruta modificada que hace referencia a un programa gzip malicioso, el cual es ejecutado por gnutar con ciertas preferencias en la variable de entorno TAR_OPTIONS, cuando gnutar es invocado por OpenBase. • http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html http://secunia.com/advisories/22390 http://secunia.com/advisories/22474 http://secunia.com/advisories/27441 http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl http://www.securityfocus.com/bid/20562 http://www.securitytracker.com/id?1018872 http://www.vupen.com/english/advisories/2006/4058 http://www.vupen.com/english/advisories/2006/4059 http://w •

CVSS: 4.0EPSS: 1%CPEs: 2EXPL: 0

Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. • http://lists.apple.com/archives/security-announce/2006/May/msg00004.html http://secunia.com/advisories/20267 http://securitytracker.com/id?1016143 http://www.osvdb.org/25889 http://www.securityfocus.com/bid/18091 http://www.vupen.com/english/advisories/2006/1950 https://exchange.xforce.ibmcloud.com/vulnerabilities/26634 •

CVSS: 9.3EPSS: 96%CPEs: 2EXPL: 3

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. • https://www.exploit-db.com/exploits/9915 https://github.com/k4miyo/CVE-2004-2687 http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html http://distcc.samba.org/security.html http://lists.samba.org/archive/distcc/2004q3/002550.html http://lists.samba.org/archive/distcc/2004q3/002562.html http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec http://www.osvdb.org/13378 • CWE-16: Configuration •