CVE-2006-5327
https://notcve.org/view.php?id=CVE-2006-5327
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. • http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html http://secunia.com/advisories/22390 http://secunia.com/advisories/22474 http://secunia.com/advisories/27441 http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl http://www.securityfocus.com/bid/20562 http://www.securitytracker.com/id?1018872 http://www.vupen.com/english/advisories/2006/4058 http://www.vupen.com/english/advisories/2006/4059 http://w •
CVE-2006-1466
https://notcve.org/view.php?id=CVE-2006-1466
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. • http://lists.apple.com/archives/security-announce/2006/May/msg00004.html http://secunia.com/advisories/20267 http://securitytracker.com/id?1016143 http://www.osvdb.org/25889 http://www.securityfocus.com/bid/18091 http://www.vupen.com/english/advisories/2006/1950 https://exchange.xforce.ibmcloud.com/vulnerabilities/26634 •
CVE-2004-2687 – DistCC Daemon - Command Execution
https://notcve.org/view.php?id=CVE-2004-2687
distcc 2.x, as used in Xcode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. • https://www.exploit-db.com/exploits/9915 https://github.com/k4miyo/CVE-2004-2687 http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html http://distcc.samba.org/security.html http://lists.samba.org/archive/distcc/2004q3/002550.html http://lists.samba.org/archive/distcc/2004q3/002562.html http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec http://www.osvdb.org/13378 • CWE-16: Configuration •