Page 2 of 74 results (0.005 seconds)

CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0

Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. Profile Manager en Apple OS X Server anterior a 4.0 permite a usuarios locales descubrir contraseñas en texto claro mediante la lectura de un fichero después de que ocurra una (1) configuración de perfil o (2) edición de perfil. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://www.securitytracker.com/id/1031071 https://exchange.xforce.ibmcloud.com/vulnerabilities/97646 https://support.apple.com/kb/HT6536 • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Wiki Server en CoreCollaboration en Apple OS X Server anterior a 2.2.3 y 3.x anterior a 3.2.1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://secunia.com/advisories/61305 http://secunia.com/advisories/61307 http://support.apple.com/kb/HT6448 http://support.apple.com/kb/HT6449 http://www.securityfocus.com/bid/69918 http://www.securitytracker.com/id/1030869 https://exchange.xforce.ibmcloud.com/vulnerabilities/96048 https://support.apple.com/kb/HT6536 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0

Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Xcode Server en CoreCollaboration en Apple OS X Server anterior a 3.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://secunia.com/advisories/61307 http://support.apple.com/kb/HT6448 http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html http://www.securityfocus.com/bid/69935 http://www.securitytracker.com/id/1030870 https://exchange.xforce.ibmcloud.com/vulnerabilities/96047 https://support.apple.com/kb/HT6536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 87EXPL: 0

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. WebKit de Apple Safari anterior a v6.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web diseñado, una vulnerabilidad diferente a CVE-2013-0961. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html •

CVSS: 6.8EPSS: 0%CPEs: 87EXPL: 0

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. WebKit de Apple Safari anterior a v6.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web diseñado, una vulnerabilidad diferente a CVE-2013-0960. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html •