10 vulnerabilities by objective_development
CVE-2018-10470 (GCVE-0-2018-10470)
Vulnerability from cvelistv5 – Published: 2018-06-12 17:00 – Updated: 2024-09-16 21:03
Summary
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
Severity
No CVSS data available.
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://obdev.at/cve/2018-10470-8FRWkW4oH8.html | x_refsource_CONFIRM |
| https://www.okta.com/security-blog/2018/06/issues… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Objective Development Software GmbH | Little Snitch | Affected: 4.0 - 4.0.6 | |
Date Public
2018-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "4.0 - 4.0.6"
}
]
}
],
"datePublic": "2018-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T17:57:01.000Z",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2018-06-12T00:00:00",
"ID": "CVE-2018-10470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "4.0 - 4.0.6"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html",
"refsource": "CONFIRM",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
"refsource": "MISC",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2018-10470",
"datePublished": "2018-06-12T17:00:00.000Z",
"dateReserved": "2018-04-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:03:03.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2675 (GCVE-0-2017-2675)
Vulnerability from cvelistv5 – Published: 2017-04-06 15:00 – Updated: 2024-08-05 14:02
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.obdev.at/products/littlesnitch/releas… | x_refsource_CONFIRM |
| https://twitter.com/patrickwardle/status/84907661… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Objective Development Software GmbH | Little Snitch | Affected: 3.0 - 3.7.3 | |
Date Public
2017-04-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "3.0 - 3.7.3"
}
]
}
],
"datePublic": "2017-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T19:57:01.000Z",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "3.0 - 3.7.3"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"name": "https://twitter.com/patrickwardle/status/849076615170711552",
"refsource": "MISC",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2017-2675",
"datePublished": "2017-04-06T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:02:07.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4057 (GCVE-0-2008-4057)
Vulnerability from cvelistv5 – Published: 2008-09-11 14:00 – Updated: 2024-08-07 10:00
Summary
Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.obdev.at/products/sharity/releasenotes.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/31638 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30860 | vdb-entry, x_refsource_BID |
Date Public
2008-08-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "objective-sharity-unspecified(44695)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "31638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31638"
},
{
"name": "30860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a \"serious security problem.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "objective-sharity-unspecified(44695)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "31638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31638"
},
{
"name": "30860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a \"serious security problem.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "objective-sharity-unspecified(44695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
},
{
"name": "http://www.obdev.at/products/sharity/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "31638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31638"
},
{
"name": "30860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4057",
"datePublished": "2008-09-11T14:00:00.000Z",
"dateReserved": "2008-09-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2178 (GCVE-0-2007-2178)
Vulnerability from cvelistv5 – Published: 2007-04-24 17:00 – Updated: 2024-08-07 13:23
Summary
Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.obdev.at/products/sharity/releasenotes.html | x_refsource_CONFIRM |
| http://osvdb.org/35044 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/24925 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/23572 | vdb-entry, x_refsource_BID |
Date Public
2007-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Sharity-unspecified-dos(33774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "35044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35044"
},
{
"name": "24925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24925"
},
{
"name": "23572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "Sharity-unspecified-dos(33774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "35044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35044"
},
{
"name": "24925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24925"
},
{
"name": "23572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Sharity-unspecified-dos(33774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
},
{
"name": "http://www.obdev.at/products/sharity/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "35044",
"refsource": "OSVDB",
"url": "http://osvdb.org/35044"
},
{
"name": "24925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24925"
},
{
"name": "23572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2178",
"datePublished": "2007-04-24T17:00:00.000Z",
"dateReserved": "2007-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:51.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5220 (GCVE-0-2006-5220)
Vulnerability from cvelistv5 – Published: 2006-10-09 22:00 – Updated: 2024-08-07 19:41
Summary
Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
31 references
Date Public
2006-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1702",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1702"
},
{
"name": "2496",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2496"
},
{
"name": "29654",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29654"
},
{
"name": "29648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29648"
},
{
"name": "29660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
},
{
"name": "29645",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29645"
},
{
"name": "20406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20406"
},
{
"name": "29644",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29644"
},
{
"name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
},
{
"name": "29649",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29649"
},
{
"name": "29656",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29656"
},
{
"name": "29659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29659"
},
{
"name": "ADV-2006-3972",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3972"
},
{
"name": "29652",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29652"
},
{
"name": "29650",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29650"
},
{
"name": "webyep-webyep-file-include(29397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
},
{
"name": "22336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.obdev.at/products/webyep/release-notes.html"
},
{
"name": "29658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29658"
},
{
"name": "1017023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017023"
},
{
"name": "29653",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29653"
},
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29657"
},
{
"name": "29662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29662"
},
{
"name": "29663",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29663"
},
{
"name": "29661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29661"
},
{
"name": "29647",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29647"
},
{
"name": "29646",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29646"
},
{
"name": "29643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29643"
},
{
"name": "29651",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29651"
},
{
"name": "29655",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1702",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1702"
},
{
"name": "2496",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2496"
},
{
"name": "29654",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29654"
},
{
"name": "29648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29648"
},
{
"name": "29660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
},
{
"name": "29645",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29645"
},
{
"name": "20406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20406"
},
{
"name": "29644",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29644"
},
{
"name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
},
{
"name": "29649",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29649"
},
{
"name": "29656",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29656"
},
{
"name": "29659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29659"
},
{
"name": "ADV-2006-3972",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3972"
},
{
"name": "29652",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29652"
},
{
"name": "29650",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29650"
},
{
"name": "webyep-webyep-file-include(29397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
},
{
"name": "22336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.obdev.at/products/webyep/release-notes.html"
},
{
"name": "29658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29658"
},
{
"name": "1017023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017023"
},
{
"name": "29653",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29653"
},
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29657"
},
{
"name": "29662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29662"
},
{
"name": "29663",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29663"
},
{
"name": "29661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29661"
},
{
"name": "29647",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29647"
},
{
"name": "29646",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29646"
},
{
"name": "29643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29643"
},
{
"name": "29651",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29651"
},
{
"name": "29655",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1702",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1702"
},
{
"name": "2496",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2496"
},
{
"name": "29654",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29654"
},
{
"name": "29648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29648"
},
{
"name": "29660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29660"
},
{
"name": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
},
{
"name": "29645",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29645"
},
{
"name": "20406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20406"
},
{
"name": "29644",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29644"
},
{
"name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
},
{
"name": "29649",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29649"
},
{
"name": "29656",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29656"
},
{
"name": "29659",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29659"
},
{
"name": "ADV-2006-3972",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3972"
},
{
"name": "29652",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29652"
},
{
"name": "29650",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29650"
},
{
"name": "webyep-webyep-file-include(29397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
},
{
"name": "22336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22336"
},
{
"name": "http://www.obdev.at/products/webyep/release-notes.html",
"refsource": "CONFIRM",
"url": "http://www.obdev.at/products/webyep/release-notes.html"
},
{
"name": "29658",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29658"
},
{
"name": "1017023",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017023"
},
{
"name": "29653",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29653"
},
{
"name": "29657",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29657"
},
{
"name": "29662",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29662"
},
{
"name": "29663",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29663"
},
{
"name": "29661",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29661"
},
{
"name": "29647",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29647"
},
{
"name": "29646",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29646"
},
{
"name": "29643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29643"
},
{
"name": "29651",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29651"
},
{
"name": "29655",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5220",
"datePublished": "2006-10-09T22:00:00.000Z",
"dateReserved": "2006-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:05.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10470 (GCVE-0-2018-10470)
Vulnerability from nvd – Published: 2018-06-12 17:00 – Updated: 2024-09-16 21:03
VLAI
Summary
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
Severity
No CVSS data available.
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://obdev.at/cve/2018-10470-8FRWkW4oH8.html | x_refsource_CONFIRM |
| https://www.okta.com/security-blog/2018/06/issues… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Objective Development Software GmbH | Little Snitch | Affected: 4.0 - 4.0.6 |
Date Public
2018-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "4.0 - 4.0.6"
}
]
}
],
"datePublic": "2018-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T17:57:01.000Z",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2018-06-12T00:00:00",
"ID": "CVE-2018-10470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "4.0 - 4.0.6"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html",
"refsource": "CONFIRM",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
"refsource": "MISC",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2018-10470",
"datePublished": "2018-06-12T17:00:00.000Z",
"dateReserved": "2018-04-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:03:03.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2675 (GCVE-0-2017-2675)
Vulnerability from nvd – Published: 2017-04-06 15:00 – Updated: 2024-08-05 14:02
VLAI
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
Severity
No CVSS data available.
CWE
- unspecified
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.obdev.at/products/littlesnitch/releas… | x_refsource_CONFIRM |
| https://twitter.com/patrickwardle/status/84907661… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Objective Development Software GmbH | Little Snitch | Affected: 3.0 - 3.7.3 |
Date Public
2017-04-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "3.0 - 3.7.3"
}
]
}
],
"datePublic": "2017-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T19:57:01.000Z",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "3.0 - 3.7.3"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"name": "https://twitter.com/patrickwardle/status/849076615170711552",
"refsource": "MISC",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2017-2675",
"datePublished": "2017-04-06T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:02:07.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4057 (GCVE-0-2008-4057)
Vulnerability from nvd – Published: 2008-09-11 14:00 – Updated: 2024-08-07 10:00
VLAI
Summary
Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.obdev.at/products/sharity/releasenotes.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/31638 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30860 | vdb-entry, x_refsource_BID |
Date Public
2008-08-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "objective-sharity-unspecified(44695)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "31638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31638"
},
{
"name": "30860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a \"serious security problem.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "objective-sharity-unspecified(44695)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "31638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31638"
},
{
"name": "30860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a \"serious security problem.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "objective-sharity-unspecified(44695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44695"
},
{
"name": "http://www.obdev.at/products/sharity/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "31638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31638"
},
{
"name": "30860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4057",
"datePublished": "2008-09-11T14:00:00.000Z",
"dateReserved": "2008-09-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2178 (GCVE-0-2007-2178)
Vulnerability from nvd – Published: 2007-04-24 17:00 – Updated: 2024-08-07 13:23
VLAI
Summary
Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.obdev.at/products/sharity/releasenotes.html | x_refsource_CONFIRM |
| http://osvdb.org/35044 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/24925 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/23572 | vdb-entry, x_refsource_BID |
Date Public
2007-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Sharity-unspecified-dos(33774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "35044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35044"
},
{
"name": "24925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24925"
},
{
"name": "23572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "Sharity-unspecified-dos(33774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "35044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35044"
},
{
"name": "24925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24925"
},
{
"name": "23572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Sharity-unspecified-dos(33774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33774"
},
{
"name": "http://www.obdev.at/products/sharity/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.obdev.at/products/sharity/releasenotes.html"
},
{
"name": "35044",
"refsource": "OSVDB",
"url": "http://osvdb.org/35044"
},
{
"name": "24925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24925"
},
{
"name": "23572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2178",
"datePublished": "2007-04-24T17:00:00.000Z",
"dateReserved": "2007-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:51.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5220 (GCVE-0-2006-5220)
Vulnerability from nvd – Published: 2006-10-09 22:00 – Updated: 2024-08-07 19:41
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
31 references
Date Public
2006-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1702",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1702"
},
{
"name": "2496",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2496"
},
{
"name": "29654",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29654"
},
{
"name": "29648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29648"
},
{
"name": "29660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
},
{
"name": "29645",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29645"
},
{
"name": "20406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20406"
},
{
"name": "29644",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29644"
},
{
"name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
},
{
"name": "29649",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29649"
},
{
"name": "29656",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29656"
},
{
"name": "29659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29659"
},
{
"name": "ADV-2006-3972",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3972"
},
{
"name": "29652",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29652"
},
{
"name": "29650",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29650"
},
{
"name": "webyep-webyep-file-include(29397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
},
{
"name": "22336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.obdev.at/products/webyep/release-notes.html"
},
{
"name": "29658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29658"
},
{
"name": "1017023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017023"
},
{
"name": "29653",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29653"
},
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29657"
},
{
"name": "29662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29662"
},
{
"name": "29663",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29663"
},
{
"name": "29661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29661"
},
{
"name": "29647",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29647"
},
{
"name": "29646",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29646"
},
{
"name": "29643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29643"
},
{
"name": "29651",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29651"
},
{
"name": "29655",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1702",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1702"
},
{
"name": "2496",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2496"
},
{
"name": "29654",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29654"
},
{
"name": "29648",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29648"
},
{
"name": "29660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
},
{
"name": "29645",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29645"
},
{
"name": "20406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20406"
},
{
"name": "29644",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29644"
},
{
"name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
},
{
"name": "29649",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29649"
},
{
"name": "29656",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29656"
},
{
"name": "29659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29659"
},
{
"name": "ADV-2006-3972",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3972"
},
{
"name": "29652",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29652"
},
{
"name": "29650",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29650"
},
{
"name": "webyep-webyep-file-include(29397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
},
{
"name": "22336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.obdev.at/products/webyep/release-notes.html"
},
{
"name": "29658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29658"
},
{
"name": "1017023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017023"
},
{
"name": "29653",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29653"
},
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29657"
},
{
"name": "29662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29662"
},
{
"name": "29663",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29663"
},
{
"name": "29661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29661"
},
{
"name": "29647",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29647"
},
{
"name": "29646",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29646"
},
{
"name": "29643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29643"
},
{
"name": "29651",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29651"
},
{
"name": "29655",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1702",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1702"
},
{
"name": "2496",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2496"
},
{
"name": "29654",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29654"
},
{
"name": "29648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29648"
},
{
"name": "29660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29660"
},
{
"name": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt"
},
{
"name": "29645",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29645"
},
{
"name": "20406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20406"
},
{
"name": "29644",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29644"
},
{
"name": "20061009 [ECHO_ADV_48$2006] WebYep \u003c= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded"
},
{
"name": "29649",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29649"
},
{
"name": "29656",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29656"
},
{
"name": "29659",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29659"
},
{
"name": "ADV-2006-3972",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3972"
},
{
"name": "29652",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29652"
},
{
"name": "29650",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29650"
},
{
"name": "webyep-webyep-file-include(29397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397"
},
{
"name": "22336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22336"
},
{
"name": "http://www.obdev.at/products/webyep/release-notes.html",
"refsource": "CONFIRM",
"url": "http://www.obdev.at/products/webyep/release-notes.html"
},
{
"name": "29658",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29658"
},
{
"name": "1017023",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017023"
},
{
"name": "29653",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29653"
},
{
"name": "29657",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29657"
},
{
"name": "29662",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29662"
},
{
"name": "29663",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29663"
},
{
"name": "29661",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29661"
},
{
"name": "29647",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29647"
},
{
"name": "29646",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29646"
},
{
"name": "29643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29643"
},
{
"name": "29651",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29651"
},
{
"name": "29655",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5220",
"datePublished": "2006-10-09T22:00:00.000Z",
"dateReserved": "2006-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:05.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}