All the vulnerabilites related to openbase_international_ltd - openbase
Vulnerability from fkie_nvd
Published
2006-11-10 02:07
Modified
2024-11-21 00:20
Severity ?
Summary
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbase_international_ltd | openbase | 7.0.15 | |
| openbase_international_ltd | openbase | 8.0.4 | |
| openbase_international_ltd | openbase | 9.1.5 | |
| openbase_international_ltd | openbase | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "B3AECE53-2A46-43E6-9A0C-A1E74D653D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:8.0.4:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E1B9E4CF-9750-48DD-A65D-B1A52FD5D2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:9.1.5:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "5F7BCC07-04B0-4B11-B260-DF029E95ECFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:10.0:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "3ABB9C1C-B8C2-49CD-8103-71B6D5323D65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en openexec de OpenBase SQL versiones anteriores a 10.0.1 permite a atacantes locales obtener privilegios mediante una PATH modificada que referencia a asistentes de ayuda binarios maliciosos, como por ejemplo en (1) cp, (2) rm, y (3) killall, vulnerabilidad diferente a CVE-2006-5327."
}
],
"id": "CVE-2006-5852",
"lastModified": "2024-11-21T00:20:49.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-10T02:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22742"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2738"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-10 02:07
Modified
2024-11-21 00:20
Severity ?
Summary
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbase_international_ltd | openbase | 7.0.15 | |
| openbase_international_ltd | openbase | 8.0.4 | |
| openbase_international_ltd | openbase | 9.1.5 | |
| openbase_international_ltd | openbase | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "B3AECE53-2A46-43E6-9A0C-A1E74D653D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:8.0.4:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E1B9E4CF-9750-48DD-A65D-B1A52FD5D2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:9.1.5:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "5F7BCC07-04B0-4B11-B260-DF029E95ECFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:10.0:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "3ABB9C1C-B8C2-49CD-8103-71B6D5323D65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328."
},
{
"lang": "es",
"value": "openexec de OpenBase SQL versiones anteriores a 10.0.1 permite a atacantes locales crear ficheros de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el fichero /tmp/output, vulnerabilidad diferente a CVE-2006-5328."
}
],
"id": "CVE-2006-5851",
"lastModified": "2024-11-21T00:20:48.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-10T02:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22742"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2737"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-17 21:07
Modified
2024-11-21 00:18
Severity ?
Summary
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | xcode | * | |
| openbase_international_ltd | openbase | * | |
| openbase_international_ltd | openbase | 7.0.15 | |
| openbase_international_ltd | openbase | 8.0.4 | |
| openbase_international_ltd | openbase | 9.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ECC94B6-CDEF-4D25-8757-019F7A5E244F",
"versionEndIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:*:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "3EC070F1-330C-413B-B799-C2F76A65DAA7",
"versionEndIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "B3AECE53-2A46-43E6-9A0C-A1E74D653D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:8.0.4:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E1B9E4CF-9750-48DD-A65D-B1A52FD5D2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:9.1.5:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "5F7BCC07-04B0-4B11-B260-DF029E95ECFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda en un fichero no confiable en OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y posiblemente otros productos, permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n mediante una ruta modificada que hace referencia a un programa gzip malicioso, el cual es ejecutado por gnutar con ciertas preferencias en la variable de entorno TAR_OPTIONS, cuando gnutar es invocado por OpenBase."
}
],
"id": "CVE-2006-5327",
"lastModified": "2024-11-21T00:18:46.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-17T21:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22390"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22474"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27441"
},
{
"source": "cve@mitre.org",
"url": "http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20562"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018872"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4058"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4059"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29624"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-10 02:46
Modified
2024-11-21 00:38
Severity ?
Summary
Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbase_international_ltd | openbase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F241AFA9-1A2A-40C7-A906-A121517A6499",
"versionEndIncluding": "10.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el OpenBase 10.0.5 y versiones anteriores pueden permitir a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante la creaci\u00f3n de un procedimiento almacenado con un nombre largo e invocando este procedimiento, lo que dispara una corrupci\u00f3n de mont\u00edculo."
}
],
"id": "CVE-2007-5929",
"lastModified": "2024-11-21T00:38:58.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-10T02:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27525"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38289"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-10 02:46
Modified
2024-11-21 00:38
Severity ?
Summary
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbase_international_ltd | openbase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F241AFA9-1A2A-40C7-A906-A121517A6499",
"versionEndIncluding": "10.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926."
},
{
"lang": "es",
"value": "Vulnerabilidad de escalado de directorio en el OpenBase 10.0.5 y versiones anteriores permite a usuarios remotos autenticados la creaci\u00f3n de ficheros de su elecci\u00f3n que contienen .. (punto punto) en el primer argumento que se le pasa al procedimiento almacenado GlobalLog. NOTA: Esto puede ser utilizado para ejecutar c\u00f3digo arbitrario utilizando la CVE-2007-5926."
}
],
"id": "CVE-2007-5927",
"lastModified": "2024-11-21T00:38:57.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-10T02:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27525"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26347"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-10 02:46
Modified
2024-11-21 00:38
Severity ?
Summary
OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbase_international_ltd | openbase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F241AFA9-1A2A-40C7-A906-A121517A6499",
"versionEndIncluding": "10.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear."
},
{
"lang": "es",
"value": "OpenBase 10.0.5 y versiones anteriores permite a usuarios remotos autenticados disparar una liberaci\u00f3n de una localizaci\u00f3n de memoria de su elecci\u00f3n a trav\u00e9s de cadenas largas en sentencias SELECT. NOTA: esto puede ser un desbordamiento de b\u00fafer, pero no est\u00e1 claro."
}
],
"id": "CVE-2007-5928",
"lastModified": "2024-11-21T00:38:58.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-10T02:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-17 21:07
Modified
2024-11-21 00:18
Severity ?
Summary
OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | xcode | * | |
| openbase_international_ltd | openbase | * | |
| openbase_international_ltd | openbase | 7.0.15 | |
| openbase_international_ltd | openbase | 8.0.4 | |
| openbase_international_ltd | openbase | 9.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ECC94B6-CDEF-4D25-8757-019F7A5E244F",
"versionEndIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:*:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "3EC070F1-330C-413B-B799-C2F76A65DAA7",
"versionEndIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "B3AECE53-2A46-43E6-9A0C-A1E74D653D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:8.0.4:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E1B9E4CF-9750-48DD-A65D-B1A52FD5D2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:9.1.5:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "5F7BCC07-04B0-4B11-B260-DF029E95ECFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file."
},
{
"lang": "es",
"value": "OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y posiblemente otros productos, permite a usuarios locales crear archivos de su elecci\u00f3n mediante un ataque de enlace simb\u00f3lico en el fichero simulation.sql."
}
],
"id": "CVE-2006-5328",
"lastModified": "2024-11-21T00:18:47.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-17T21:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22390"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27441"
},
{
"source": "cve@mitre.org",
"url": "http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20562"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018872"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3665"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-10 02:46
Modified
2024-11-21 00:38
Severity ?
Summary
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbase_international_ltd | openbase | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F241AFA9-1A2A-40C7-A906-A121517A6499",
"versionEndIncluding": "10.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures."
},
{
"lang": "es",
"value": "El OpenBase 10.0.5 y versiones anteriores permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres shell en los argumentos que se les pasan a el(1) AsciiBackup, (2) a el OEMLicenseInstall y, posiblemente, a otros procedimientos almacenados."
}
],
"id": "CVE-2007-5926",
"lastModified": "2024-11-21T00:38:57.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-10T02:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27525"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38291"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2006-5851
Vulnerability from cvelistv5
Published
2006-11-10 02:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/22742 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=full-disclosure&m=116296717330758&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://www.vupen.com/english/advisories/2006/4404 | vdb-entry, x_refsource_VUPEN | |
| https://www.exploit-db.com/exploits/2737 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22742"
},
{
"name": "20081108 OpenBase SQL multiple vulnerabilities Part Deux",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
},
{
"name": "ADV-2006-4404",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"name": "2737",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22742"
},
{
"name": "20081108 OpenBase SQL multiple vulnerabilities Part Deux",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
},
{
"name": "ADV-2006-4404",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"name": "2737",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22742"
},
{
"name": "20081108 OpenBase SQL multiple vulnerabilities Part Deux",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
},
{
"name": "ADV-2006-4404",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"name": "2737",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2737"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5851",
"datePublished": "2006-11-10T02:00:00",
"dateReserved": "2006-11-09T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5928
Vulnerability from cvelistv5
Published
2007-11-10 02:00
Modified
2024-09-16 19:46
Severity ?
EPSS score ?
Summary
OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-10T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt",
"refsource": "MISC",
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5928",
"datePublished": "2007-11-10T02:00:00Z",
"dateReserved": "2007-11-09T00:00:00Z",
"dateUpdated": "2024-09-16T19:46:46.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5328
Vulnerability from cvelistv5
Published
2006-10-17 21:00
Modified
2024-08-07 19:48
Severity ?
EPSS score ?
Summary
OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/22390 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/27441 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/3665 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1018872 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/20562 | vdb-entry, x_refsource_BID | |
| http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt | x_refsource_MISC | |
| http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:29.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22390"
},
{
"name": "27441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27441"
},
{
"name": "ADV-2007-3665",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"name": "1018872",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018872"
},
{
"name": "APPLE-SA-2007-10-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"name": "20562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20562"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-07T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22390"
},
{
"name": "27441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27441"
},
{
"name": "ADV-2007-3665",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"name": "1018872",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018872"
},
{
"name": "APPLE-SA-2007-10-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"name": "20562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20562"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22390"
},
{
"name": "27441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27441"
},
{
"name": "ADV-2007-3665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"name": "1018872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018872"
},
{
"name": "APPLE-SA-2007-10-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"name": "20562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20562"
},
{
"name": "http://www.digitalmunition.com/DMA[2006-1016a].txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA[2006-1016a].txt"
},
{
"name": "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/Xcode_OpenBase_createfile.pl"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5328",
"datePublished": "2006-10-17T21:00:00",
"dateReserved": "2006-10-17T00:00:00",
"dateUpdated": "2024-08-07T19:48:29.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5929
Vulnerability from cvelistv5
Published
2007-11-10 02:00
Modified
2024-08-07 15:47
Severity ?
EPSS score ?
Summary
Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/26347 | vdb-entry, x_refsource_BID | |
| http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38289 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/27525 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "openbasesql-stored-procedures-bo(38289)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38289"
},
{
"name": "27525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "openbasesql-stored-procedures-bo(38289)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38289"
},
{
"name": "27525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26347"
},
{
"name": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt",
"refsource": "MISC",
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "openbasesql-stored-procedures-bo(38289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38289"
},
{
"name": "27525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5929",
"datePublished": "2007-11-10T02:00:00",
"dateReserved": "2007-11-09T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5926
Vulnerability from cvelistv5
Published
2007-11-10 02:00
Modified
2024-08-07 15:47
Severity ?
EPSS score ?
Summary
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/26347 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38291 | vdb-entry, x_refsource_XF | |
| http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt | x_refsource_MISC | |
| http://secunia.com/advisories/27525 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"name": "openbase-stored-command-execution(38291)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "27525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"name": "openbase-stored-command-execution(38291)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "27525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26347"
},
{
"name": "openbase-stored-command-execution(38291)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38291"
},
{
"name": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt",
"refsource": "MISC",
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "27525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5926",
"datePublished": "2007-11-10T02:00:00",
"dateReserved": "2007-11-09T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5927
Vulnerability from cvelistv5
Published
2007-11-10 02:00
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/26347 | vdb-entry, x_refsource_BID | |
| http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt | x_refsource_MISC | |
| http://secunia.com/advisories/27525 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "27525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-10T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "27525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26347"
},
{
"name": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt",
"refsource": "MISC",
"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt"
},
{
"name": "27525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5927",
"datePublished": "2007-11-10T02:00:00Z",
"dateReserved": "2007-11-09T00:00:00Z",
"dateUpdated": "2024-09-16T23:11:38.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5852
Vulnerability from cvelistv5
Published
2006-11-10 02:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/22742 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/4404 | vdb-entry, x_refsource_VUPEN | |
| https://www.exploit-db.com/exploits/2738 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt | x_refsource_MISC | |
| http://marc.info/?l=full-disclosure&m=116296717330758&w=2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22742"
},
{
"name": "ADV-2006-4404",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"name": "2738",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"name": "20081108 [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22742"
},
{
"name": "ADV-2006-4404",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"name": "2738",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"name": "20081108 [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22742"
},
{
"name": "ADV-2006-4404",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4404"
},
{
"name": "2738",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2738"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
},
{
"name": "20081108 [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5852",
"datePublished": "2006-11-10T02:00:00",
"dateReserved": "2006-11-09T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5327
Vulnerability from cvelistv5
Published
2006-10-17 21:00
Modified
2024-08-07 19:48
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/22390 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/4058 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/27441 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/3665 | vdb-entry, x_refsource_VUPEN | |
| http://www.vupen.com/english/advisories/2006/4059 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1018872 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl | x_refsource_MISC | |
| http://www.securityfocus.com/bid/20562 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29624 | vdb-entry, x_refsource_XF | |
| http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt | x_refsource_MISC | |
| http://secunia.com/advisories/22474 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:29.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22390"
},
{
"name": "ADV-2006-4058",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4058"
},
{
"name": "27441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27441"
},
{
"name": "ADV-2007-3665",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"name": "ADV-2006-4059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4059"
},
{
"name": "1018872",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018872"
},
{
"name": "APPLE-SA-2007-10-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl"
},
{
"name": "20562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20562"
},
{
"name": "openbase-sql-privilege-escalation(29624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt"
},
{
"name": "22474",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22474"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22390"
},
{
"name": "ADV-2006-4058",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4058"
},
{
"name": "27441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27441"
},
{
"name": "ADV-2007-3665",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"name": "ADV-2006-4059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4059"
},
{
"name": "1018872",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018872"
},
{
"name": "APPLE-SA-2007-10-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl"
},
{
"name": "20562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20562"
},
{
"name": "openbase-sql-privilege-escalation(29624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt"
},
{
"name": "22474",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22474"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22390"
},
{
"name": "ADV-2006-4058",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4058"
},
{
"name": "27441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27441"
},
{
"name": "ADV-2007-3665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3665"
},
{
"name": "ADV-2006-4059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4059"
},
{
"name": "1018872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018872"
},
{
"name": "APPLE-SA-2007-10-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html"
},
{
"name": "http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl"
},
{
"name": "20562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20562"
},
{
"name": "openbase-sql-privilege-escalation(29624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29624"
},
{
"name": "http://www.digitalmunition.com/DMA[2006-1016a].txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA[2006-1016a].txt"
},
{
"name": "22474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22474"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5327",
"datePublished": "2006-10-17T21:00:00",
"dateReserved": "2006-10-17T00:00:00",
"dateUpdated": "2024-08-07T19:48:29.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}