This Metasploit module exploits a stack overflow in SHTTPD <= 1.34. The vulnerability is caused due to a boundary error within the handling of POST requests. Based on an original exploit by skOd but using a different method found by hdm.
bbf79a73aac5ea469215c707ea33d3bd1c106a494632ed021e897dc2cd38886fWordpress Pwnpress Exploitation Toolkit. Works on multiple versions. GUI version.
4236e25c7800fe6d54c5450e16f609b6908b17972d3041718a691185d3b31202Wordpress Pwnpress Exploitation Toolkit. Works on multiple versions.
8580b757e2416565607ead6887542d2326719b6a466bf96d6daa3fefa95ed7f0Month of Apple Bugs - Apple iChat Bonjour functionality is affected by several remotely exploitable denial of service flaws which can be triggered via advertising presence services over multicast DNS. This is the denial of service proof of concept exploit.
a256f4a5ef48238266e678eab766d0cb63eb44cfd99e5782f4b5fff8e5aed773Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.
a2f484f050a3539545bc04527aebfb7718411d5e564498448fa7024d15700ebeMonth of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability.
5b0f7f222237672bd530a2f1c52368b0a593f5907f49c47913ca01b2f7900a50Month of Apple Bugs - Ruby exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
f7406daaadebb8a416333b8bedaa7f1ba60dc4e0d60fe455f34deb18ee74e296Month of Apple Bugs - C exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
3199da9edd031aaa3b4b089d6910159ef30dde29e74ba47226c79241f26f3d3fMonth of Apple Bugs - A vulnerability exists in the handling of ARGB records (Alpha RGB) within PICT images, that leads to an exploitable memory corruption condition. This is the proof of concept exploit in .pct format that demonstrates this vulnerability.
cae45c1818004c6d0fa86b4df9d9713a53b3af47e14c3b7813983523855384baMonth of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
649846dcedfd17c9b293d5b586249ab6641f7f2f4b7077ce8728d64523c3794eMonth of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks of PATH sanitization, allowing users to execute arbitrary binaries under root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
bc6a6482959f9f36bea4aefc8de705de29960037c93a88c4c71f6382b1e18c26Month of Apple Bugs - Apple iChat AIM URI scheme (referred as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. This is the proof of concept exploit that demonstrates this vulnerability.
c72c10a4e48008dc4508828d784627e557382e0c510236900986c74a82eab3f4Month of Apple Bugs - Transmit does not allocate enough space when dealing with the string passed on via the ftps:// URL handler, leading to an exploitable heap-based buffer overflow condition. This is the proof of concept exploit.
9080e0d951067307f9ad1fe2f1c855dcceaac4dd146e38b6c610d666ed9c242fMonth of Apple Bugs - Proof of concept exploit rumpusd. rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues.
324e1c2a699138a78ea18bf0111256c4c75fe4eedb6f2baead3e5c38d188b60eMonth of Apple Bugs - Proof of concept exploit for slpd. slpd is vulnerable to a buffer overflow condition when processing the attr-list field of a registration request, leading to an exploitable denial of service condition and potential arbitrary execution. It would allow unprivileged local (and possibly remote) users to execute arbitrary code under root privileges.
b43cb8369fd15b26f59289ce05b054d9e9b5ee73e4ea4f070c7f378698fc6935Month of Apple Bugs - Proof of concept exploit for Colloquy. Colloquy is vulnerable to a format string vulnerability in the handling of INVITE requests, that can be abused by remote users and requires no interaction at all, leading to a denial of service and potential arbitrary code execution.
ecc8ca506c0501b6a06a3dce70b0267fdd8463686c38cd7f7364ee7acf7ad640Month of Apple Bugs - Proof of concept exploit for a local privilege escalation vulnerability on Mac OS X. Multiple binaries inside the /Applications directory tree are setuid root, but remain writable by users in the admin group (ex. first user by default in a non-server Mac OS X installation), allowing privilege escalation.
5d79f7e869386b86fb511af90c48ec4794090cc26d9550ab41fb92e9be07807cMonth of Apple Bugs - Proof of concept exploit for the _ATPsndrsp function. The _ATPsndrsp function is vulnerable to a heap-based buffer overflow condition, due to insufficient checking of user input. This leads to a denial of service condition and potential arbitrary code execution by unprivileged users.
ecaf4e16cc626471b59446fc33fded909708cba04efa57ef9ad8f795f1e0ead4Month of Apple Bugs - This is a specially crafted HFS+ filesystem in a DMG image that can cause the do_hfs_truncate() function to panic the kernel (denial of service), when attempting to remove a file from the mounted filesystem. This issue can't lead to arbitrary code execution, although there's a significant risk of local HFS+ filesystems corruption.
2dad00428d7585a35288df4bbecb6e942d5b73244ab459f875cd6d71f91ea91eMonth of Apple Bugs - Exploit for a vulnerability in Finder. Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. One of two exploits.
641c56a3c3546d6881d7d441e3203e4a9130560679f14bc12df8f0bb36e7d662Month of Apple Bugs - Exploit for a vulnerability in Finder. Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. One of two exploits.
b981e4326e87927ea14c54f445d1d8c91ca8bad5b3c606732b39860b492a641aMonth of Apple Bugs - Exploit for the Application Enhancer (APE), which is affected by a local privilege escalation vulnerability that allows local users to gain root privileges.
022ab59da53042f4ad0dadf5efb09eb65b8d7f1c45cfc3279afa1c3afbd66fbfMonth of Apple Bugs - This HTML file is an exploit for OmniWeb. OmniWeb is affected by a format string vulnerability in the handling of Javascript alert() function, which could allow remote arbitrary code execution.
297d0995c250f8cc72592389a406917ac1bf22428361bbff663a27278cf94085Month of Apple Bugs - Warning, this pdf is an exploit. The current PDF specification is affected by a design flaw, a rogue Pages entry or malicious catalog dictionary could cause a denial of service (memory corruption condition, memory leakage, etc) or potential arbitrary code execution in the reader application.
7befba5152c7b30d54a97e3a52d7ff58a3858ea958dac2460153bce1334d0e22Month of Apple Bugs - Exploit for a vulnerability in the handling of BOM files by the DiskManagement/diskutil that allows the setting of rogue permissions on the filesystem. This can be used to execute arbitrary code and escalate privileges. One of two exploits.
d23d1ffe7410fc22b798de3144cff78a0f519bb100421ea6abce589bef246321
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed