exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Apple Security Advisory 2011-07-20-1
Posted Jul 21, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-07-20-1 - A large amount of security issues have been addressed in Safari versions 5.1 and 5.0.6. These range from cross site scripting, possible arbitrary code execution, accidental trust in a disable root certificate, buffer and integer overflows, and more.

tags | advisory, overflow, arbitrary, root, code execution, xss
systems | apple
advisories | CVE-2010-1383, CVE-2010-1420, CVE-2010-1823, CVE-2010-3829, CVE-2011-0164, CVE-2011-0195, CVE-2011-0200, CVE-2011-0201, CVE-2011-0202, CVE-2011-0204, CVE-2011-0206, CVE-2011-0214, CVE-2011-0215, CVE-2011-0216, CVE-2011-0217, CVE-2011-0218, CVE-2011-0219, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240
MD5 | f4872bf7b4569d341c9eeaa28b85e926

Related Files

Secunia Security Advisory 50058
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari for Mac OS X, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | apple, osx
MD5 | 179d3ea315ad683171611aafb76a6949
Apple Security Advisory 2012-07-25-1
Posted Jul 25, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-07-25-1 - A cross-site scripting issue existed in the handling of feed:// URLs in Safari. An autocomplete flaw was also fixed in Safari. Various other Safari issues have also been addressed. Webkit had code execution, cross origin, access control, and various other vulnerability issues addressed.

tags | advisory, code execution, xss
systems | apple
advisories | CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075
MD5 | 0f9cf93cb601c296b842d2165d23da55
Safari On iOS Denial Of Service
Posted Jun 8, 2012
Authored by Larry W. Cashdollar

Proof of concept crash exploit for Safari on iOS that leverage a denial of service vulnerability.

tags | exploit, denial of service, proof of concept
systems | apple
MD5 | d2a4ed3ad5162815b83473100ea8f5c7
iOS 5.1.1 Safari Browser Denial Of Service
Posted May 26, 2012
Authored by Alberto Ortega

iOS versions 5.1.1 and below Safari Browser JS match(), search() crash proof of concept exploit.

tags | exploit, proof of concept
systems | cisco
MD5 | 4c3d65eecf219e11043dc54dccc454f8
Apple Security Advisory 2012-05-09-2
Posted May 10, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-09-2 - Safari 5.1.7 is now available and addresses multiple WebKit related vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-3046, CVE-2011-3056, CVE-2012-0672, CVE-2012-0676
MD5 | e3c8d877a6f6c73bc4f2f1f2ff79350f
Secunia Security Advisory 47292
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability, xss
systems | apple
MD5 | ca58edd958fc5d12b710e04aacec9b0d
Apple Security Advisory 2012-05-07-1
Posted May 8, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-07-1 - A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. Multiple cross site scripting issues existed in WebKit along with a memory corruption issue.

tags | advisory, web, spoof, xss
systems | apple
advisories | CVE-2012-0674, CVE-2011-3046, CVE-2011-3056, CVE-2012-0672
MD5 | 53429e49b725e46043a970afbdd403fc
Safari For Windows 5.1.5 URL window.open() Spoof
Posted Mar 28, 2012
Authored by Lostmon | Site lostmon.blogspot.com

Safari for Windows versions 5.1.5 and below URL window.open() spoofing exploit.

tags | exploit, spoof
systems | windows
MD5 | b203bc908410ca4e08475fa085b49138
Apple Safari On iOS 5.1 Address Bar Spoofing
Posted Mar 20, 2012
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

Apple Mobile Safari on iOS version 5.1 suffers from an address bar spoofing vulnerability.

tags | exploit, spoof
systems | cisco, linux, apple
MD5 | 7153eff8c5870f683e18b72e8478862c
Secunia Security Advisory 48377
Posted Mar 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | apple
MD5 | eda9b10de3eb1f917fc068a3d23fadfa
Apple Security Advisory 2012-03-12-1
Posted Mar 13, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-03-12-1 - Safari version 5.1.4 is now available and addresses 84 different vulnerabilities. This includes many fixes for WebKit related issues.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2866, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3881, CVE-2011-3885, CVE-2011-3887, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0584, CVE-2012-0585, CVE-2012-0586
MD5 | 929a334608d650d0aeca2f63e87e56b5
Secunia Security Advisory 45758
Posted Mar 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Krystian Kloskowski has discovered a vulnerability in Safari, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 0b9d8e96b700ca9799cf275302ad6a66
Secunia Security Advisory 44976
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Krystian Kloskowski has discovered a vulnerability in Apple Safari, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | apple
MD5 | 52ec3cd5f412b22641a5b461178e180e
Secunia Security Advisory 47319
Posted Dec 20, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Apple Safari, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
systems | apple
MD5 | 30287733d9199d89f2dfbcc1c86afab2
Apple Safari Webkit libxslt Arbitrary File Creation
Posted Oct 18, 2011
Authored by Nicolas Gregoire | Site metasploit.com

This Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2011-1774, OSVDB-74017
MD5 | f0f60d7d29a3200a4856dadf181df880
Apple Safari file:// Arbitrary Code Execution
Posted Oct 17, 2011
Authored by sinn3r, Aaron Sigel | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.

tags | exploit, java, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3230
MD5 | f95a36d638b942780d7aafe3920c0218
Apple Safari Arbitrary Code Execution
Posted Oct 15, 2011
Authored by Aaron Sigel

Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code.

tags | exploit, remote
systems | apple
advisories | CVE-2011-3230
MD5 | 00b8b9fdb781878c5ddddeba647bf7e6
Apple Safari Directory Traversal
Posted Oct 15, 2011
Authored by Aaron Sigel

Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.

tags | exploit, web, arbitrary, javascript
systems | windows, apple
advisories | CVE-2011-3229
MD5 | ca7cc95f176434aa766aa010f9a47bee
iDefense Security Advisory 10.12.11 - MobileSafari
Posted Oct 14, 2011
Authored by iDefense Labs, Christian Matthies | Site idefense.com

iDefense Security Advisory 10.12.11 - Remote exploitation of a cross site scripting vulnerability in Apple Inc.'s MobileSafari could allow an attacker to view sensitive information in the context of the targeted domain. iOS versions prior to 5 are vulnerable.

tags | advisory, remote, xss
systems | cisco, apple
advisories | CVE-2011-3426
MD5 | dcc98fe86d9a735efa80eeee8e14429d
Secunia Security Advisory 46412
Posted Oct 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system.

tags | advisory, vulnerability, xss
systems | apple
MD5 | bc9b1743a4d0d736432f0d767ecdb862
Apple Security Advisory 2011-10-12-4
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-4 - Safari version 5.1.1 is now available and addresses a directory traversal issue, a policy issue, various arbitrary code execution issues, and 40+ other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2011-1440, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2800, CVE-2011-2805, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2819, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827
MD5 | 8323a156c78b831dd67558b61d64c06b
Zero Day Initiative Advisory 11-243
Posted Jul 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-0232
MD5 | ade11551bec5661e1b0afea7d690cded
Zero Day Initiative Advisory 11-242
Posted Jul 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-0255
MD5 | 87b31285c55a8404148e0e64d3efc034
Zero Day Initiative Advisory 11-240
Posted Jul 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating its reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2011-1453
MD5 | 3d01009b0937287f4463d7e4bef21a56
Zero Day Initiative Advisory 11-239
Posted Jul 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. By freeing the referenced element, a use-after-free condition can be made to occur which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-0233
MD5 | aed4f56b4eb6816960cd28f530b233bf
Page 1 of 4
Back1234Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close