This paper details how poorly Linux devices in cop cars are set up and how their lack of a secure design puts everyone at risk.
fc7efa4a04b53671d3343de2d1e7775fdccf6bd40812c3090eabe0d4f58c410bThis Metasploit module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
18334e64c1ccbeb5a3f96e1e9a81a3c6475589d69aefabd8ff1d29aa8ad74a99This Metasploit module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5.
aa4bc52d99a5375b0d0710ee2d12fe495a795c13691639ec782fff6ffddc4edeThis Metasploit module exploits the Wyse Rapport Hagent service by pretending to be a legitimate server. This process involves starting both HTTP and FTP services on the attacker side, then contacting the Hagent service of the target and indicating that an update is available. The target will then download the payload wrapped in an executable from the FTP service.
e7be07350ced9d99747f9c25b7062ad223b93cc2cecdcacbc714a84918ea9198This Metasploit module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7.
42ae033dbe425fc32ab38f3fc3b946e80a302b5e5f4cecc84aa56930c3a7467dProof of concept exploit for the Safari RSS feed:// buffer overflow via libxml2.
dc2da5bd1964ea782b2a6d92867880c82e34a71e8d0a5588f17d7720c3f7d3d8This Metasploit module is a credential leak sniffer for the GE Proficy Real Time Information Portal.
9788f2d35640353df39ddbc0a6e32a572a688684a9eee64d17eb6deecfd827e3This is a paper detailing the Five Ws of the Citect ODBC vulnerability that affects Citect versions 5, 6, and 7.
964dabad19a7f4cc68531d84e4b801807359a6d0cc916ab14e3874c422b8c097This Metasploit module exploits a stack overflow in CitectSCADA's ODBC daemon. This has only been tested against Citect versions 5, 6, and 7.
4b8827fd3066f46018ff90f1daa741907933623b3c2e871114a59e4b146524c0Netragard, L.L.C Advisory - Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. OpenBase versions 10.0.5 and below are affected.
461394d46dce182dddd5cd5ac8284bec3acbe0ca019c1b7a15477e4a510c19e6This Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.
159b79d396cc6be73eddeb8db6cd9975c0d95b50f6eb41571ed8f34e088a507fThis Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.
ba86f554ff58ec884739058eb80af65e4d58a0973721425b952d586468e13d92A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This file exploits this vulnerability on Mac OS X.
cac8004c33b7c7a74786245dbc74af8080d860279ab8e8548030b1f6120d6571Netragard, L.L.C Advisory - An exploitable vulnerability exists in FrontBase that can be used to gain NT AUTHORITY\SYSTEM or root privileges on an affected system. FrontBase versions 4.2.7 and below are affected.
cd42c535ea4a9cbfa1eb848bf2b4eff416a1e0f36719dba4953b028de6dfb69eNetragard, L.L.C Advisory - McAfee Virex contains an exploitable feature that enables users to define what files should be excluded for scanning. This feature relies on a configuration file with insecure privileges and is located in /Library/Application Support. Any user on the system can modify or delete the configuration file thus affecting what Virex will scan. Versions 7.7 and below are affected.
a3cb1e800dcc7d0c7dfc001dd8db9bc345f0a9944f95a36846b83a05d5b0d489Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.
a2f484f050a3539545bc04527aebfb7718411d5e564498448fa7024d15700ebeMonth of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability.
5b0f7f222237672bd530a2f1c52368b0a593f5907f49c47913ca01b2f7900a50Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
649846dcedfd17c9b293d5b586249ab6641f7f2f4b7077ce8728d64523c3794eMonth of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks of PATH sanitization, allowing users to execute arbitrary binaries under root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
bc6a6482959f9f36bea4aefc8de705de29960037c93a88c4c71f6382b1e18c26Month of Apple Bugs - Apple iChat AIM URI scheme (referred as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. This is the proof of concept exploit that demonstrates this vulnerability.
c72c10a4e48008dc4508828d784627e557382e0c510236900986c74a82eab3f4Month of Apple Bugs - Transmit does not allocate enough space when dealing with the string passed on via the ftps:// URL handler, leading to an exploitable heap-based buffer overflow condition. This is the proof of concept exploit.
9080e0d951067307f9ad1fe2f1c855dcceaac4dd146e38b6c610d666ed9c242fMonth of Apple Bugs - Proof of concept exploit rumpusd. rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues.
324e1c2a699138a78ea18bf0111256c4c75fe4eedb6f2baead3e5c38d188b60eMonth of Apple Bugs - Proof of concept exploit for slpd. slpd is vulnerable to a buffer overflow condition when processing the attr-list field of a registration request, leading to an exploitable denial of service condition and potential arbitrary execution. It would allow unprivileged local (and possibly remote) users to execute arbitrary code under root privileges.
b43cb8369fd15b26f59289ce05b054d9e9b5ee73e4ea4f070c7f378698fc6935Month of Apple Bugs - Proof of concept exploit for Colloquy. Colloquy is vulnerable to a format string vulnerability in the handling of INVITE requests, that can be abused by remote users and requires no interaction at all, leading to a denial of service and potential arbitrary code execution.
ecc8ca506c0501b6a06a3dce70b0267fdd8463686c38cd7f7364ee7acf7ad640Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images.
238bec1ecee79fefb9639412113e7fdbb037de09b513fba37017e218ba87e114
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed