CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2008-2318
https://notcve.org/view.php?id=CVE-2008-2318
14 Jul 2008 — The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. La implementación WOHyperlink de WebObjects de Apple Xcode tools anterior a 3.1 , añade los IDs de sesiones locales a URLs no generadas en local, esto permite a atacantes remotos obtener información potencialmente sensible leyendo las solicitudes de estas URLs. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2006-5327
https://notcve.org/view.php?id=CVE-2006-5327
17 Oct 2006 — Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. Vulnerabilidad de ruta de búsqueda en un fichero no confiable en OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y po... • http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2006-5328
https://notcve.org/view.php?id=CVE-2006-5328
17 Oct 2006 — OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y posiblemente otros productos, permite a usuarios locales crear archivos de su elección mediante un ataque de enlace simbólico en el fichero simulation.sql. • http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-1466
https://notcve.org/view.php?id=CVE-2006-1466
24 May 2006 — Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. • http://lists.apple.com/archives/security-announce/2006/May/msg00004.html •