
CVSS: 7.2 | EPSS: 0% | CPEs: 5 | EXPL: 0

OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.

• http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
• http://secunia.com/advisories/22390
• http://secunia.com/advisories/27441
• http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt
• http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl
• http://www.securityfocus.com/bid/20562
• http://www.securitytracker.com/id?1018872
• http://www.vupen.com/english/advisories/2007/3665

CVSS: 7.2 | EPSS: 0% | CPEs: 5 | EXPL: 1

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

• http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
• http://secunia.com/advisories/22390
• http://secunia.com/advisories/22474
• http://secunia.com/advisories/27441
• http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt
• http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl
• http://www.securityfocus.com/bid/20562
• http://www.securitytracker.com/id?1018872
• http://www.vupen.com/english/advisories/2006/4058
• http://www.vupen.com/english/advisories/2006/4059
• http://w