
    10 vulnerabilities by objective_development

    CVE-2018-10470 (GCVE-0-2018-10470)

    Vulnerability from cvelistv5 – Published: 2018-06-12 17:00 – Updated: 2024-09-16 21:03
    Summary
    Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
    Severity
    No CVSS data available.
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    References
    Impacted products
    Date Public
    2018-06-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:39:07.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Little Snitch",
              "vendor": "Objective Development Software GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 - 4.0.6"
                }
              ]
            }
          ],
          "datePublic": "2018-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-12T17:57:01.000Z",
            "orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
            "shortName": "obdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2018-06-12T00:00:00",
              "ID": "CVE-2018-10470",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Little Snitch",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 - 4.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Objective Development Software GmbH"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-347: Improper Verification of Cryptographic Signature"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html",
                  "refsource": "CONFIRM",
                  "url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
                },
                {
                  "name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
                  "refsource": "MISC",
                  "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
        "assignerShortName": "obdev",
        "cveId": "CVE-2018-10470",
        "datePublished": "2018-06-12T17:00:00.000Z",
        "dateReserved": "2018-04-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:03:03.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2675 (GCVE-0-2017-2675)

    Vulnerability from cvelistv5 – Published: 2017-04-06 15:00 – Updated: 2024-08-05 14:02
    Summary
    Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
    Severity
    No CVSS data available.
    CWE
    • unspecified
    Assigner
    References
    Impacted products
    Date Public
    2017-04-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:02:07.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/patrickwardle/status/849076615170711552"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Little Snitch",
              "vendor": "Objective Development Software GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0 - 3.7.3"
                }
              ]
            }
          ],
          "datePublic": "2017-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unspecified",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-11T19:57:01.000Z",
            "orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
            "shortName": "obdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/patrickwardle/status/849076615170711552"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-2675",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Little Snitch",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.0 - 3.7.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Objective Development Software GmbH"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unspecified"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
                },
                {
                  "name": "https://twitter.com/patrickwardle/status/849076615170711552",
                  "refsource": "MISC",
                  "url": "https://twitter.com/patrickwardle/status/849076615170711552"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
        "assignerShortName": "obdev",
        "cveId": "CVE-2017-2675",
        "datePublished": "2017-04-06T15:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:02:07.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4057 (GCVE-0-2008-4057)

    Vulnerability from cvelistv5 – Published: 2008-09-11 14:00 – Updated: 2024-08-07 10:00
    Summary
    Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilities/44695 vdb-entry, x_refsource_XF
    http://www.obdev.at/products/sharity/releasenotes.html x_refsource_CONFIRM
    http://secunia.com/advisories/31638 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/30860 vdb-entry, x_refsource_BID
    Date Public
    2008-08-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "objective-sharity-unspecified(44695)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.obdev.at/products/sharity/releasenotes.html"
              },
              {
                "name": "31638",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31638"
              },
              {
                "name": "30860",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30860"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a \"serious security problem.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "objective-sharity-unspecified(44695)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.obdev.at/products/sharity/releasenotes.html"
            },
            {
              "name": "31638",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31638"
            },
            {
              "name": "30860",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30860"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4057",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a \"serious security problem.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "objective-sharity-unspecified(44695)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
                },
                {
                  "name": "http://www.obdev.at/products/sharity/releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.obdev.at/products/sharity/releasenotes.html"
                },
                {
                  "name": "31638",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31638"
                },
                {
                  "name": "30860",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30860"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4057",
        "datePublished": "2008-09-11T14:00:00.000Z",
        "dateReserved": "2008-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2178 (GCVE-0-2007-2178)

    Vulnerability from cvelistv5 – Published: 2007-04-24 17:00 – Updated: 2024-08-07 13:23
    Summary
    Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilities/33774 vdb-entry, x_refsource_XF
    http://www.obdev.at/products/sharity/releasenotes.html x_refsource_CONFIRM
    http://osvdb.org/35044 vdb-entry, x_refsource_OSVDB
    http://secunia.com/advisories/24925 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/23572 vdb-entry, x_refsource_BID
    Date Public
    2007-04-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Sharity-unspecified-dos(33774)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.obdev.at/products/sharity/releasenotes.html"
              },
              {
                "name": "35044",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35044"
              },
              {
                "name": "24925",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24925"
              },
              {
                "name": "23572",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23572"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "Sharity-unspecified-dos(33774)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.obdev.at/products/sharity/releasenotes.html"
            },
            {
              "name": "35044",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35044"
            },
            {
              "name": "24925",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24925"
            },
            {
              "name": "23572",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23572"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2178",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "Sharity-unspecified-dos(33774)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
                },
                {
                  "name": "http://www.obdev.at/products/sharity/releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.obdev.at/products/sharity/releasenotes.html"
                },
                {
                  "name": "35044",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35044"
                },
                {
                  "name": "24925",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24925"
                },
                {
                  "name": "23572",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23572"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2178",
        "datePublished": "2007-04-24T17:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5220 (GCVE-0-2006-5220)

    Vulnerability from cvelistv5 – Published: 2006-10-09 22:00 – Updated: 2024-08-07 19:41
    Summary
    Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/1702 third-party-advisory, x_refsource_SREASON
    https://www.exploit-db.com/exploits/2496 exploit, x_refsource_EXPLOIT-DB
    http://www.osvdb.org/29654 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29648 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29660 vdb-entry, x_refsource_OSVDB
    http://advisories.echo.or.id/adv/adv48-theday-2006.txt x_refsource_MISC
    http://www.osvdb.org/29645 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/bid/20406 vdb-entry, x_refsource_BID
    http://www.osvdb.org/29644 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/archive/1/448009/100… mailing-list, x_refsource_BUGTRAQ
    http://www.osvdb.org/29649 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29656 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29659 vdb-entry, x_refsource_OSVDB
    http://www.vupen.com/english/advisories/2006/3972 vdb-entry, x_refsource_VUPEN
    http://www.osvdb.org/29652 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29650 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://secunia.com/advisories/22336 third-party-advisory, x_refsource_SECUNIA
    http://www.obdev.at/products/webyep/release-notes.html x_refsource_CONFIRM
    http://www.osvdb.org/29658 vdb-entry, x_refsource_OSVDB
    http://securitytracker.com/id?1017023 vdb-entry, x_refsource_SECTRACK
    http://www.osvdb.org/29653 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29657 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29662 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29663 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29661 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29647 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29646 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29643 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29651 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29655 vdb-entry, x_refsource_OSVDB
    Date Public
    2006-10-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:41:05.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1702",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1702"
              },
              {
                "name": "2496",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2496"
              },
              {
                "name": "29654",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29654"
              },
              {
                "name": "29648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29648"
              },
              {
                "name": "29660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
              },
              {
                "name": "29645",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29645"
              },
              {
                "name": "20406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20406"
              },
              {
                "name": "29644",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29644"
              },
              {
                "name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
              },
              {
                "name": "29649",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29649"
              },
              {
                "name": "29656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29656"
              },
              {
                "name": "29659",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29659"
              },
              {
                "name": "ADV-2006-3972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3972"
              },
              {
                "name": "29652",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29652"
              },
              {
                "name": "29650",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29650"
              },
              {
                "name": "webyep-webyep-file-include(29397)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
              },
              {
                "name": "22336",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22336"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.obdev.at/products/webyep/release-notes.html"
              },
              {
                "name": "29658",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29658"
              },
              {
                "name": "1017023",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017023"
              },
              {
                "name": "29653",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29653"
              },
              {
                "name": "29657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29657"
              },
              {
                "name": "29662",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29662"
              },
              {
                "name": "29663",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29663"
              },
              {
                "name": "29661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29661"
              },
              {
                "name": "29647",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29647"
              },
              {
                "name": "29646",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29646"
              },
              {
                "name": "29643",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29643"
              },
              {
                "name": "29651",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29651"
              },
              {
                "name": "29655",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29655"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1702",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1702"
            },
            {
              "name": "2496",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2496"
            },
            {
              "name": "29654",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29654"
            },
            {
              "name": "29648",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29648"
            },
            {
              "name": "29660",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
            },
            {
              "name": "29645",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29645"
            },
            {
              "name": "20406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20406"
            },
            {
              "name": "29644",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29644"
            },
            {
              "name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
            },
            {
              "name": "29649",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29649"
            },
            {
              "name": "29656",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29656"
            },
            {
              "name": "29659",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29659"
            },
            {
              "name": "ADV-2006-3972",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3972"
            },
            {
              "name": "29652",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29652"
            },
            {
              "name": "29650",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29650"
            },
            {
              "name": "webyep-webyep-file-include(29397)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
            },
            {
              "name": "22336",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22336"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.obdev.at/products/webyep/release-notes.html"
            },
            {
              "name": "29658",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29658"
            },
            {
              "name": "1017023",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017023"
            },
            {
              "name": "29653",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29653"
            },
            {
              "name": "29657",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29657"
            },
            {
              "name": "29662",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29662"
            },
            {
              "name": "29663",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29663"
            },
            {
              "name": "29661",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29661"
            },
            {
              "name": "29647",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29647"
            },
            {
              "name": "29646",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29646"
            },
            {
              "name": "29643",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29643"
            },
            {
              "name": "29651",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29651"
            },
            {
              "name": "29655",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29655"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5220",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1702",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1702"
                },
                {
                  "name": "2496",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2496"
                },
                {
                  "name": "29654",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29654"
                },
                {
                  "name": "29648",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29648"
                },
                {
                  "name": "29660",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29660"
                },
                {
                  "name": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt",
                  "refsource": "MISC",
                  "url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
                },
                {
                  "name": "29645",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29645"
                },
                {
                  "name": "20406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20406"
                },
                {
                  "name": "29644",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29644"
                },
                {
                  "name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
                },
                {
                  "name": "29649",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29649"
                },
                {
                  "name": "29656",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29656"
                },
                {
                  "name": "29659",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29659"
                },
                {
                  "name": "ADV-2006-3972",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3972"
                },
                {
                  "name": "29652",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29652"
                },
                {
                  "name": "29650",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29650"
                },
                {
                  "name": "webyep-webyep-file-include(29397)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
                },
                {
                  "name": "22336",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22336"
                },
                {
                  "name": "http://www.obdev.at/products/webyep/release-notes.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.obdev.at/products/webyep/release-notes.html"
                },
                {
                  "name": "29658",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29658"
                },
                {
                  "name": "1017023",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017023"
                },
                {
                  "name": "29653",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29653"
                },
                {
                  "name": "29657",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29657"
                },
                {
                  "name": "29662",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29662"
                },
                {
                  "name": "29663",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29663"
                },
                {
                  "name": "29661",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29661"
                },
                {
                  "name": "29647",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29647"
                },
                {
                  "name": "29646",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29646"
                },
                {
                  "name": "29643",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29643"
                },
                {
                  "name": "29651",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29651"
                },
                {
                  "name": "29655",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29655"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5220",
        "datePublished": "2006-10-09T22:00:00.000Z",
        "dateReserved": "2006-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:41:05.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10470 (GCVE-0-2018-10470)

    Vulnerability from nvd – Published: 2018-06-12 17:00 – Updated: 2024-09-16 21:03
    VLAI
    Summary
    Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
    Severity
    No CVSS data available.
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    References
    Impacted products
    Date Public
    2018-06-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:39:07.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Little Snitch",
              "vendor": "Objective Development Software GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0 - 4.0.6"
                }
              ]
            }
          ],
          "datePublic": "2018-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-12T17:57:01.000Z",
            "orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
            "shortName": "obdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2018-06-12T00:00:00",
              "ID": "CVE-2018-10470",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Little Snitch",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.0 - 4.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Objective Development Software GmbH"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-347: Improper Verification of Cryptographic Signature"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html",
                  "refsource": "CONFIRM",
                  "url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
                },
                {
                  "name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
                  "refsource": "MISC",
                  "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
        "assignerShortName": "obdev",
        "cveId": "CVE-2018-10470",
        "datePublished": "2018-06-12T17:00:00.000Z",
        "dateReserved": "2018-04-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:03:03.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2675 (GCVE-0-2017-2675)

    Vulnerability from nvd – Published: 2017-04-06 15:00 – Updated: 2024-08-05 14:02
    Summary
    Little Snitch versions 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist", which is installed to /Library/LaunchDaemons.
    Severity
    No CVSS data available.
    CWE
    • unspecified
    Assigner
    References
    Impacted products
    Date Public
    2017-04-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:02:07.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/patrickwardle/status/849076615170711552"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Little Snitch",
              "vendor": "Objective Development Software GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0 - 3.7.3"
                }
              ]
            }
          ],
          "datePublic": "2017-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unspecified",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-11T19:57:01.000Z",
            "orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
            "shortName": "obdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/patrickwardle/status/849076615170711552"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-2675",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Little Snitch",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.0 - 3.7.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Objective Development Software GmbH"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unspecified"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
                },
                {
                  "name": "https://twitter.com/patrickwardle/status/849076615170711552",
                  "refsource": "MISC",
                  "url": "https://twitter.com/patrickwardle/status/849076615170711552"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
        "assignerShortName": "obdev",
        "cveId": "CVE-2017-2675",
        "datePublished": "2017-04-06T15:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:02:07.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4057 (GCVE-0-2008-4057)

    Vulnerability from nvd – Published: 2008-09-11 14:00 – Updated: 2024-08-07 10:00
    Summary
    Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilities/44695 vdb-entry, x_refsource_XF
    http://www.obdev.at/products/sharity/releasenotes.html x_refsource_CONFIRM
    http://secunia.com/advisories/31638 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/30860 vdb-entry, x_refsource_BID
    Date Public
    2008-08-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "objective-sharity-unspecified(44695)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.obdev.at/products/sharity/releasenotes.html"
              },
              {
                "name": "31638",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31638"
              },
              {
                "name": "30860",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30860"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a \"serious security problem.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "objective-sharity-unspecified(44695)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.obdev.at/products/sharity/releasenotes.html"
            },
            {
              "name": "31638",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31638"
            },
            {
              "name": "30860",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30860"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4057",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a \"serious security problem.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "objective-sharity-unspecified(44695)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
                },
                {
                  "name": "http://www.obdev.at/products/sharity/releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.obdev.at/products/sharity/releasenotes.html"
                },
                {
                  "name": "31638",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31638"
                },
                {
                  "name": "30860",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30860"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4057",
        "datePublished": "2008-09-11T14:00:00.000Z",
        "dateReserved": "2008-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2178 (GCVE-0-2007-2178)

    Vulnerability from nvd – Published: 2007-04-24 17:00 – Updated: 2024-08-07 13:23
    Summary
    Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilities/33774 vdb-entry, x_refsource_XF
    http://www.obdev.at/products/sharity/releasenotes.html x_refsource_CONFIRM
    http://osvdb.org/35044 vdb-entry, x_refsource_OSVDB
    http://secunia.com/advisories/24925 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/23572 vdb-entry, x_refsource_BID
    Date Public
    2007-04-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Sharity-unspecified-dos(33774)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.obdev.at/products/sharity/releasenotes.html"
              },
              {
                "name": "35044",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35044"
              },
              {
                "name": "24925",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24925"
              },
              {
                "name": "23572",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23572"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "Sharity-unspecified-dos(33774)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.obdev.at/products/sharity/releasenotes.html"
            },
            {
              "name": "35044",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35044"
            },
            {
              "name": "24925",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24925"
            },
            {
              "name": "23572",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23572"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2178",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "Sharity-unspecified-dos(33774)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
                },
                {
                  "name": "http://www.obdev.at/products/sharity/releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.obdev.at/products/sharity/releasenotes.html"
                },
                {
                  "name": "35044",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35044"
                },
                {
                  "name": "24925",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24925"
                },
                {
                  "name": "23572",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23572"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2178",
        "datePublished": "2007-04-24T17:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5220 (GCVE-0-2006-5220)

    Vulnerability from nvd – Published: 2006-10-09 22:00 – Updated: 2024-08-07 19:41
    Summary
    Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/1702 third-party-advisory, x_refsource_SREASON
    https://www.exploit-db.com/exploits/2496 exploit, x_refsource_EXPLOIT-DB
    http://www.osvdb.org/29654 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29648 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29660 vdb-entry, x_refsource_OSVDB
    http://advisories.echo.or.id/adv/adv48-theday-2006.txt x_refsource_MISC
    http://www.osvdb.org/29645 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/bid/20406 vdb-entry, x_refsource_BID
    http://www.osvdb.org/29644 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/archive/1/448009/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    http://www.osvdb.org/29649 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29656 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29659 vdb-entry, x_refsource_OSVDB
    http://www.vupen.com/english/advisories/2006/3972 vdb-entry, x_refsource_VUPEN
    http://www.osvdb.org/29652 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29650 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilities/29397 vdb-entry, x_refsource_XF
    http://secunia.com/advisories/22336 third-party-advisory, x_refsource_SECUNIA
    http://www.obdev.at/products/webyep/release-notes.html x_refsource_CONFIRM
    http://www.osvdb.org/29658 vdb-entry, x_refsource_OSVDB
    http://securitytracker.com/id?1017023 vdb-entry, x_refsource_SECTRACK
    http://www.osvdb.org/29653 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29657 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29662 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29663 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29661 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29647 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29646 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29643 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29651 vdb-entry, x_refsource_OSVDB
    http://www.osvdb.org/29655 vdb-entry, x_refsource_OSVDB
    Date Public
    2006-10-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:41:05.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1702",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1702"
              },
              {
                "name": "2496",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2496"
              },
              {
                "name": "29654",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29654"
              },
              {
                "name": "29648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29648"
              },
              {
                "name": "29660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
              },
              {
                "name": "29645",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29645"
              },
              {
                "name": "20406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20406"
              },
              {
                "name": "29644",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29644"
              },
              {
                "name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
              },
              {
                "name": "29649",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29649"
              },
              {
                "name": "29656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29656"
              },
              {
                "name": "29659",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29659"
              },
              {
                "name": "ADV-2006-3972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3972"
              },
              {
                "name": "29652",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29652"
              },
              {
                "name": "29650",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29650"
              },
              {
                "name": "webyep-webyep-file-include(29397)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
              },
              {
                "name": "22336",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22336"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.obdev.at/products/webyep/release-notes.html"
              },
              {
                "name": "29658",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29658"
              },
              {
                "name": "1017023",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017023"
              },
              {
                "name": "29653",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29653"
              },
              {
                "name": "29657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29657"
              },
              {
                "name": "29662",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29662"
              },
              {
                "name": "29663",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29663"
              },
              {
                "name": "29661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29661"
              },
              {
                "name": "29647",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29647"
              },
              {
                "name": "29646",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29646"
              },
              {
                "name": "29643",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29643"
              },
              {
                "name": "29651",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29651"
              },
              {
                "name": "29655",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29655"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath parameter in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1702",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1702"
            },
            {
              "name": "2496",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2496"
            },
            {
              "name": "29654",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29654"
            },
            {
              "name": "29648",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29648"
            },
            {
              "name": "29660",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
            },
            {
              "name": "29645",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29645"
            },
            {
              "name": "20406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20406"
            },
            {
              "name": "29644",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29644"
            },
            {
              "name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
            },
            {
              "name": "29649",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29649"
            },
            {
              "name": "29656",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29656"
            },
            {
              "name": "29659",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29659"
            },
            {
              "name": "ADV-2006-3972",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3972"
            },
            {
              "name": "29652",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29652"
            },
            {
              "name": "29650",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29650"
            },
            {
              "name": "webyep-webyep-file-include(29397)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
            },
            {
              "name": "22336",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22336"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.obdev.at/products/webyep/release-notes.html"
            },
            {
              "name": "29658",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29658"
            },
            {
              "name": "1017023",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017023"
            },
            {
              "name": "29653",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29653"
            },
            {
              "name": "29657",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29657"
            },
            {
              "name": "29662",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29662"
            },
            {
              "name": "29663",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29663"
            },
            {
              "name": "29661",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29661"
            },
            {
              "name": "29647",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29647"
            },
            {
              "name": "29646",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29646"
            },
            {
              "name": "29643",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29643"
            },
            {
              "name": "29651",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29651"
            },
            {
              "name": "29655",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29655"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5220",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath parameter in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1702",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1702"
                },
                {
                  "name": "2496",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2496"
                },
                {
                  "name": "29654",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29654"
                },
                {
                  "name": "29648",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29648"
                },
                {
                  "name": "29660",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29660"
                },
                {
                  "name": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt",
                  "refsource": "MISC",
                  "url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
                },
                {
                  "name": "29645",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29645"
                },
                {
                  "name": "20406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20406"
                },
                {
                  "name": "29644",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29644"
                },
                {
                  "name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
                },
                {
                  "name": "29649",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29649"
                },
                {
                  "name": "29656",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29656"
                },
                {
                  "name": "29659",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29659"
                },
                {
                  "name": "ADV-2006-3972",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3972"
                },
                {
                  "name": "29652",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29652"
                },
                {
                  "name": "29650",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29650"
                },
                {
                  "name": "webyep-webyep-file-include(29397)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
                },
                {
                  "name": "22336",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22336"
                },
                {
                  "name": "http://www.obdev.at/products/webyep/release-notes.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.obdev.at/products/webyep/release-notes.html"
                },
                {
                  "name": "29658",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29658"
                },
                {
                  "name": "1017023",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017023"
                },
                {
                  "name": "29653",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29653"
                },
                {
                  "name": "29657",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29657"
                },
                {
                  "name": "29662",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29662"
                },
                {
                  "name": "29663",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29663"
                },
                {
                  "name": "29661",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29661"
                },
                {
                  "name": "29647",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29647"
                },
                {
                  "name": "29646",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29646"
                },
                {
                  "name": "29643",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29643"
                },
                {
                  "name": "29651",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29651"
                },
                {
                  "name": "29655",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29655"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5220",
        "datePublished": "2006-10-09T22:00:00.000Z",
        "dateReserved": "2006-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:41:05.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }