MacKeeper suffers from a remote code execution vulnerability in the URL handler. Included in this bundle is the advisory and the source code to the proof of concept.
61bda7a68f01c57e6a1218642d9c2734402cd77fd0a5dd7e9a66def9858f7316
This Metasploit module takes advantage a Java JMX interface insecure configuration, which would allow loading classes from any remote (HTTP) URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication enabled will be vulnerable only if a weak configuration is deployed (allowing to use javax.management.loading.MLet, having a security manager allowing to load a ClassLoader MBean, etc.).
613d2a6ea0710e79632bd00382a3b337e054c8c877f492ee49389de90972e239
4d WebSTAR version 5.x on Mac OS X suffers from a buffer overflow. Proof of concept exploit included.
63c9bfd5a9c020f28251e55dc45da0b77623449ac1c7746221321a2fbf0234ad
4D WebStar Tomcat plugin remote buffer overflow exploit.
6e58c109c689d287f16f4d6015da0fcd33537606df9e305a3dc263b78c40019d