Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images.
238bec1ecee79fefb9639412113e7fdbb037de09b513fba37017e218ba87e114
DMA Radius Manager version 4.4.0 suffers from a cross site request forgery vulnerability.
25570c0aa698b906c3b618a0ca6984fc513a5ae0f965072e74f4f0817fc6e33f
DMA Radius Manager versions 4.1.5 and below suffer from a cross site request forgery vulnerability.
08e9e09c8a266941fa5e15bd3bcbeb12102fb65acd809a60445e63f710a03643
DMarket version 1.0 suffers from a remote PHP code injection vulnerability.
5d5ecdeb84b7f814206a4385932249068e342d09a297bcb51226363cd73728bd
DM Albums version 1.9.2 and WordPress plugin suffer from a remote file inclusion vulnerability.
b784aa497bd6b2055a69418794ed5b13c4b7408ca6b4b8d6a81f3dc90357e0f1
Patch for THC's Hydra that adds dependency checks for OpenSSL needed for the SIP module, modifies checks for libpq.so for the PostgreSQL module, and adds new modules for Netware NCP and for the Firebird database.
a644e2e1a9eb85606bd9b9f29ac096834058d72e8ab3dca236b8146d7a98e302
OmbiWeb version 5.51 suffers from a format string vulnerability.
a78831973f24a948d49ed59403543dddce63a381877be9ae52dfb7e565dfb568
Month of Apple Bugs - Exploit for a vulnerability in Finder. Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. One of two exploits.
641c56a3c3546d6881d7d441e3203e4a9130560679f14bc12df8f0bb36e7d662
Month of Apple Bugs - Exploit for a vulnerability in Finder. Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. One of two exploits.
b981e4326e87927ea14c54f445d1d8c91ca8bad5b3c606732b39860b492a641a
A format string vulnerability in the handling of the title field of iPhoto XML feeds allows potential remote arbitrary code execution.
88beb803c889745f602294769e427670b7244b32e210379b0c1ba1987045b753
Kerio WebSTAR versions 5.4.2 and below suffer from a local privilege escalation vulnerability due to an improper loading of a library.
8aef29338e469e924e743135fe46ec140c3e14f4a70c29302bca1c5781c28d15
Intego VirusBarrier X4 suffers from a definition bypass vulnerability.
cb1239541fb426479250540f9150a7e2c069a130c929584cf04e64628d107c1d
The openexec binary makes poor use of its setuid privileges when calling various helper binaries such as cp, rm and killall. Each of the mentioned binaries winds up being called while openexec is running as root. Using the PATH environment variable, it is possible to influence openbase in a manner that forces it to call the various helper binaries from a location of the attacker's choice. OpenBase SQL versions 10.0 and below are affected.
ad085189dd0915f8dae7270a178ad7c5e725a20fdd3cfa1d4ef7ea7224f1dae6
DMA-2006-1016a - Apple Xcode WebObjects / OpenBase SQL multiple vulnerabilities including local root and file creation.
2e9a7704a15945cda4c84fce6506a7120005ece92cc5c8fe21b842517833457d
fetchmail on Mac OS X versions 10.4.7 and below suffers from an arbitrary code execution flaw.
a79a85fa9c78b353f28bab9c307f950ae95726f9619a959e9e455eb143f10992
Mac OS X versions 10.4.6 and below are susceptible to a vulnerability in launchd's syslog() function.
ebe05c1d233358f6cc47cf20ff34ce80da5d2fbaea89f2ca9ece03f88113cdf0
ClamAV freshclam suffers from an incorrect privilege dropping vulnerability.
d99dfdbc0180fa1f1ace658b029461b9473dd08a3bfa42d4a2b470b5aa3e3137
DMA[2006-0313a] - Apple OSX Mail.app RFC1740 Real Name Buffer Overflow - After applying Security Update 2006-001, Mail.app becomes vulnerable to a buffer overflow that may be triggered via a properly formatted MIME Encapsulated Macintosh file. Sending a file in the AppleDouble format with a long Real Name entry will invoke the overflow. Reading through RFC1740 should provide enough information to trigger the issue. The overflow is triggered by the file that contains the AppleDouble header information.
3edf284ed4ed9d45709010aab5c5a4c039e10a8f50cc01ac609017ae27a9b392
AmbiCom Blue Neighbors versions 2.50 Build 2500 and below suffer from a buffer overflow in the Object Push service.
da47d3a1cfa2a10633bedd980ce061b8059930008236018cc8db60cc23de5f44
Using ussp-push from the Toshiba Bluetooth Stack versions 4.00.23(T) and below, an attacker can place a trojaned file anywhere on the filesystem.
032e619b38af3404776cca356075de5f940987e34114e0fcfc11faaae45c8d2f
The Widcomm BTW suffers from a remote audio eavesdropping issue.
866ef0aaf005e2d1e28227c8b6a9b0360290e3611a675df0bb6706bd1d5e5344
DMA[2005-1202a] - sobexsrv is susceptible to a format string vulnerability.
76c84e2bf4e5cd57ebbbffba7467689a561d8e8da82bd825409341907cb1c713
A buffer overflow has been identified in the VCSI18N_LANG environment variable which is used by a number of setuid root applications in Veritas Storage Foundation.
1ce7f2efa1b083250601260fef3536057de94ea8ec55c3048d69d5ed9d37e836
The friendsd server that comes with GpsDrive contains an obvious format string issue compliments of a bad fprintf() call.
ec70d84c5f0cca691f8ba58bee71f8d6fe7cc9f04578b31c5892e4614ff209f0
The Nokia Affix Bluetooth btsrv makes poor use of popen(), which in turn allows for privileged code execution as root.
cc94edfe1b5429594863603c23d573003e4beca70953ed64e8954d0aeb65b705
dsidentity on Apple OS X 10.4 allows any user on the system to add accounts to Directory Services.
9a589fe2fcf5a4e2c8797a0b1bd8fe9ec95ad4366d0ccffadf8656195041becd