Xcode OpenBase <= 10.0.0 (symlink) Local Root Exploit (OSX)

Exploit for macOS platform in category local exploits =========================================================== Xcode OpenBase \n\nTargets:\n\n"; foreach $key sortkeys %tgts $a,$b = split/:/,$tgts"$key"; print "\t$key . $a\n"; print "\n"; exit 1; $ret = pack"l", $retval; $a,$b =...

Apple MacOS X Xcode OpenBase SQL privilege escalation

On executing tar from suid root application TAROPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External application are executed with relative path. Dynamic libraries are loaded with relative path. Symbolic links problem...

Xcode OpenBase &lt;= 9.1.5 Local Root Exploit (OSX)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom http://docs.info.apple.com/article.html?artnum=61798 This won't help ftp://www.openbase.com/pub/OpenBase10.0 This will This is an exploit for a 3rd party program that has...

Apple Xcode WebObjects插件权限提升漏洞

Xcode是苹果机器上所使用的开发工具。 Xcode在以高权限调用外部工具时存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 Xcode需要使用OpenBase技术为WebObjects组件提供额外的功能。OpenBase库在调用/Library/OpenBase/bin/gnutar时没有正确地使用setuid权限，在以euid=0运行OpenBase时调用了gnutar。通过使用TAROPTIONS环境变量就可以强制gnutar没有指定路径便调用gzip，因此攻击者可以通过控制PATH变量获得root权限。 Apple XCode 2.2 OpenBase OpenBase...

CVE-2006-5327

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...

CVE-2006-5328

OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file...

Xcode OpenBase 9.1.5 (OSX) - Root File Create Privilege Escalation

Xcode OpenBase 9.1.5 OSX - Root File Create Privilege Escalation !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom http://docs.info.apple.com/article.html?artnum=61798 This won't help ftp://www.openbase.com/pub/OpenBase10.0 This will Create a new file...

Xcode OpenBase 9.1.5 (OSX) - Root File Create Privilege Escalation

!/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom http://docs.info.apple.com/article.html?artnum=61798 This won't help ftp://www.openbase.com/pub/OpenBase10.0 This will Create a new file anywhere on the filesystem with rw-rw-rw privs. Sorry you can NOT...

Xcode OpenBase <= 9.1.5 (root file create) Local Root Exploit (OSX)

Exploit for macOS platform in category local exploits =================================================================== Xcode OpenBase = 9.1.5 root file create Local Root Exploit OSX =================================================================== !/usr/bin/perl http://www.digitalmunition.co...

Xcode OpenBase &lt;= 9.1.5 (root file create) Local Root Exploit (OSX)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom http://docs.info.apple.com/article.html?artnum=61798 This won't help ftp://www.openbase.com/pub/OpenBase10.0 This will Create a new file anywhere on the filesystem with...

Xcode OpenBase 9.1.5 (OSX) - Local Privilege Escalation

Xcode OpenBase 9.1.5 OSX - Local Privilege Escalation !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom http://docs.info.apple.com/article.html?artnum=61798 This won't help ftp://www.openbase.com/pub/OpenBase10.0 This will This is an exploit for a 3rd part...

Xcode OpenBase 9.1.5 (OSX) - Local Privilege Escalation

!/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom http://docs.info.apple.com/article.html?artnum=61798 This won't help ftp://www.openbase.com/pub/OpenBase10.0 This will This is an exploit for a 3rd party program that has been bundled with Xcode on several...

Xcode OpenBase <= 9.1.5 Local Root Exploit (OSX)

Exploit for macOS platform in category local exploits ================================================ Xcode OpenBase \n\nTargets:\n\n"; foreach $key sortkeys %tgts $a,$b = split/:/,$tgts"$key"; print "\t$key . $a\n"; print "\n"; exit 1; $ret = pack"l", $retval; $a,$b = spli...

Apple Xcode unauthorized access

Access restrictions do not work...

[SA20267] Apple Xcode WebObjects Plugin Access Control Vulnerability

TITLE: Apple Xcode WebObjects Plugin Access Control Vulnerability SECUNIA ADVISORY ID: SA20267 VERIFY ADVISORY: http://secunia.com/advisories/20267/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From local network SOFTWARE: Apple Xcode 2.x http://secunia.com/product/10144/ DESCRIPTION: A...

CVE-2006-1466

Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service...

Code injection

Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service...

CVE-2006-1466

Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service...

CVE-2006-1466

The CVE-2006-1466 entry concerns Xcode Tools prior to 2.3 on Mac OS X 10.4. The vulnerability is triggered when the WebObjects plugin runs, allowing remote attackers to access or modify WebObjects projects via a network service. The available sources identify the affected software and the impact ...

CVE-2006-0933

Cross-site scripting XSS vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...