Page 2 of 10 results (0.010 seconds)

CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0

Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. Profile Manager en Apple OS X Server anterior a 4.0 permite a usuarios locales descubrir contraseñas en texto claro mediante la lectura de un fichero después de que ocurra una (1) configuración de perfil o (2) edición de perfil. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://www.securitytracker.com/id/1031071 https://exchange.xforce.ibmcloud.com/vulnerabilities/97646 https://support.apple.com/kb/HT6536 • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Wiki Server en CoreCollaboration en Apple OS X Server anterior a 2.2.3 y 3.x anterior a 3.2.1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://secunia.com/advisories/61305 http://secunia.com/advisories/61307 http://support.apple.com/kb/HT6448 http://support.apple.com/kb/HT6449 http://www.securityfocus.com/bid/69918 http://www.securitytracker.com/id/1030869 https://exchange.xforce.ibmcloud.com/vulnerabilities/96048 https://support.apple.com/kb/HT6536 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0

Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Xcode Server en CoreCollaboration en Apple OS X Server anterior a 3.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://secunia.com/advisories/61307 http://support.apple.com/kb/HT6448 http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html http://www.securityfocus.com/bid/69935 http://www.securitytracker.com/id/1030870 https://exchange.xforce.ibmcloud.com/vulnerabilities/96047 https://support.apple.com/kb/HT6536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0

The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. El servicio RADIUS de Server App en Apple OS X Server anteriores a 3.0 selecciona un X.509 de reserva en circunstancias no especificadas, lo que prodría permitir a atacantes man-in-the-middle secuestrar las sesiones RADIUS aprovechando el conocimiento de la clave privada de este certificado de reserva. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades XSS en Wiki Server de Apple Mac OS X Server anterior a la versión 2.2.2 permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://support.apple.com/kb/HT5892 http://www.cloudscan.me/2013/09/cve-2013-1034-stored-xss-xxe-os-x.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •