44 matches found
CVE-2011-3998
Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
WebObjects vulnerable to cross-site scripting
Overview: WebObjects, provided by Apple, contains a cross-site scripting vulnerability. WebObjects, provided by Apple, is a web application server. WebObjects contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#37223351: WebObjects vulnerable to cross-site scripting
WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the develope...
CVE-2008-2318
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs...
Information disclosure
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs...
CVE-2008-2318
The CVE-2008-2318 issue affects Apple’s Xcode WebObjects: the WOHyperlink API in WebObjects before Xcode 3.1 appends local session IDs to generated non-local URLs, enabling potential information disclosure by remote attackers reading those requests. Impact is information leakage without exploitat...
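Apple Xcode WebObjects WOHyperlink Information Disclosure Vulnerability
BUGTRAQ ID: 30191 CVECAN ID: CVE-2008-2318 Xcode is the development tool used on Apple machines. WebObjects includes an API for generating URLs in HTML documents through the WOHyperlink dynamic element. When it is used, WOHyperlink appends the session ID to the generated URL even for absolute URLs, so using WOHyperlink to create URLs that point to other sites may disclose the current user's session ID to that site. Apple XCode 2.0 - 3.0 Apple ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.apple.com...
Apple Xcode WebObjects Plugin Privilege Escalation Vulnerability
Xcode is the development tool used on Apple machines. Xcode has a vulnerability when it invokes external tools with elevated privileges, which a local attacker may exploit to escalate privileges. Xcode needs to use OpenBase technology to provide additional functionality for WebObjects components. The OpenBase library does not use setuid privileges correctly when calling /Library/OpenBase/bin/gnutar, and invokes gnutar while OpenBase is running with euid=0. Using the TAROPTIONS environment variable, gnutar can be forced to invoke gzip without a specified path, so an attacker can gain root privileges by controlling the PATH variable. Apple XCode 2.2 OpenBase OpenBase...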
CVE-2006-4387
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications...
CVE-2006-4387
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications...
CVE-2006-4387
CVE-2006-4387 concerns Apple Mac OS X 10.4.x (specifically 10.4 through 10.4.7). The issue: after an administrator clears the “Allow user to administer this computer” checkbox in System Preferences for a user, the user is not removed from the appserveradm or appserverusr groups, leaving the user ...
[SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA22187 VERIFY ADVISORY: http://secunia.com/advisories/22187/ CRITICAL: Highly critical IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: From...
[SA20267] Apple Xcode WebObjects Plugin Access Control Vulnerability
TITLE: Apple Xcode WebObjects Plugin Access Control Vulnerability SECUNIA ADVISORY ID: SA20267 VERIFY ADVISORY: http://secunia.com/advisories/20267/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From local network SOFTWARE: Apple Xcode 2.x http://secunia.com/product/10144/ DESCRIPTION: A...
CVE-2006-1466
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service...
Code injection
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service...
CVE-2006-1466
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service...
CVE-2006-1466
The CVE-2006-1466 entry concerns Xcode Tools prior to 2.3 on Mac OS X 10.4. The vulnerability is triggered when the WebObjects plugin runs, allowing remote attackers to access or modify WebObjects projects via a network service. The available sources identify the affected software and the impact ...
CVE-2000-0299
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept...
CVE-2000-0299
CVE-2000-0299 affects the WebObjects Developer 4.5 package, where the WebObjects.exe component is vulnerable to a buffer overflow triggered by HTTP requests with long headers (e.g., Accept). The description states this allows remote denial of service. No explicit patch or remediation is provided ...
Buffer overflow in WebObjects
Buffer overflow caused by an overly long additional Accept: field in the header of an HTTP POST request when accessing WebObjects.exe...