Section: .. / 0701-exploits /

Page 5 of 8
<< 1 2 3 4 5 6 7 8 >> Files 100 - 125 of 195

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	MOAB-09-01-2007.rb.txt
Description:	Month of Apple Bugs - Exploit for a vulnerability in Finder. Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. One of two exploits.
Author:	LMH
Homepage:	http://projects.info-pull.com/moab/index.html
Related Exploit:	MOAB-09-01-2007.dmg
File Size:	668
Last Modified:	Jan 13 23:45:07 2007
MD5 Checksum:	7c18ab0283bcd54f3690d40678de850b

/// File Name:	MOAB-10-01-2007.dmg.gz
Description:	Month of Apple Bugs - Exploit for the ffs_mountfs() function. The ffs_mountfs() function, part of the UFS filesystem handling code (shared between FreeBSD and Mac OS X XNU) is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution.
Homepage:	http://projects.info-pull.com/moab/index.html
File Size:	900437
Last Modified:	Jan 13 23:46:40 2007
MD5 Checksum:	9fded174a03c49567839f12fb507720d

/// File Name:	MOAB-11-01-2007.dmg.gz
Description:	Month of Apple Bugs - Exploit for the byte_swap_sbin() function. The byte_swap_sbin() function, one of the UFS byte swapping routines (this code is not present in FreeBSD and it's Mac OS X XNU-specific; used for compatibility of filesystem streams between little and big-endian systems) is affected by a integer overflow vulnerability, leading to an exploitable denial of service condition.
Homepage:	http://projects.info-pull.com/moab/index.html
File Size:	835070
Last Modified:	Jan 13 23:47:37 2007
MD5 Checksum:	fe61ab655bf2a2ba55995d71e5e89eaa

/// File Name:	MOAB-12-01-2007.dmg.gz
Description:	Month of Apple Bugs - Exploit that demonstrates a denial of service in the UFS filesystem. A specially crafted UFS filesystem in a DMG image can cause the ufs_lookup() function to call ufs_dirbad() when a corrupted directory entry is being read, leading to a kernel panic (denial of service). This issue cannot be abused for remote code execution.
Homepage:	http://projects.info-pull.com/moab/index.html
File Size:	8828
Last Modified:	Jan 13 23:48:50 2007
MD5 Checksum:	5e7418b5e7e4398e8fadcdaf873b1bcf

/// File Name:	MOAB-13-01-2007.dmg.gz
Description:	Month of Apple Bugs - This is a specially crafted HFS+ filesystem in a DMG image that can cause the do_hfs_truncate() function to panic the kernel (denial of service), when attempting to remove a file from the mounted filesystem. This issue can't lead to arbitrary code execution, although there's a significant risk of local HFS+ filesystems corruption.
Author:	LMH
Homepage:	http://projects.info-pull.com/moab/
File Size:	209464
Related CVE(s):	CVE-2006-5482
Last Modified:	Jan 20 04:07:28 2007
MD5 Checksum:	bfca8d4401098b7bcee7f1364f4cf014

/// File Name:	MOAB-14-01-2007.c
Description:	Month of Apple Bugs - Proof of concept exploit for the _ATPsndrsp function. The _ATPsndrsp function is vulnerable to a heap-based buffer overflow condition, due to insufficient checking of user input. This leads to a denial of service condition and potential arbitrary code execution by unprivileged users.
Author:	LMH
Homepage:	http://projects.info-pull.com/moab/
File Size:	1894
Related CVE(s):	CVE-2007-0236
Last Modified:	Jan 20 04:09:05 2007
MD5 Checksum:	d8a22e613c075522ee7d1a0b3bdf1403

/// File Name:	MOAB-15-01-2007.rb.txt
Description:	Month of Apple Bugs - Proof of concept exploit for a local privilege escalation vulnerability on Mac OS X. Multiple binaries inside the /Applications directory tree are setuid root, but remain writable by users in the admin group (ex. first user by default in a non-server Mac OS X installation), allowing privilege escalation.
Author:	LMH
Homepage:	http://projects.info-pull.com/moab/
File Size:	2520
Last Modified:	Jan 20 04:11:37 2007
MD5 Checksum:	6762c468a26eb0f93504c63d879495d9

/// File Name:	MOAB-16-01-2007.rb.txt
Description:	Month of Apple Bugs - Proof of concept exploit for Colloquy. Colloquy is vulnerable to a format string vulnerability in the handling of INVITE requests, that can be abused by remote users and requires no interaction at all, leading to a denial of service and potential arbitrary code execution.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	2324
Last Modified:	Jan 20 04:14:45 2007
MD5 Checksum:	cdd6c9e0e59a872c2790c1ee93429dcd

/// File Name:	MOAB-17-01-2007.rb.txt
Description:	Month of Apple Bugs - Proof of concept exploit for slpd. slpd is vulnerable to a buffer overflow condition when processing the attr-list field of a registration request, leading to an exploitable denial of service condition and potential arbitrary execution. It would allow unprivileged local (and possibly remote) users to execute arbitrary code under root privileges.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	1101
Last Modified:	Jan 20 04:16:28 2007
MD5 Checksum:	4e5ef169ae8d60a1ea2d97be091df8b0

/// File Name:	MOAB-18-01-2007.rb.txt
Description:	Month of Apple Bugs - Proof of concept exploit rumpusd. rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	1448
Related CVE(s):	CVE-2007-0019
Last Modified:	Jan 20 04:17:46 2007
MD5 Checksum:	f346f828f0229f5d5c055f66c3cc0e16

/// File Name:	MOAB-19-01-2007.tgz
Description:	Month of Apple Bugs - Transmit does not allocate enough space when dealing with the string passed on via the ftps:// URL handler, leading to an exploitable heap-based buffer overflow condition. This is the proof of concept exploit.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	585
Related CVE(s):	CVE-2007-0020
Last Modified:	Jan 24 06:19:49 2007
MD5 Checksum:	7370fba31d7c89633f6e4ad90a5ccc4a

/// File Name:	MOAB-20-01-2007.tgz
Description:	Month of Apple Bugs - Apple iChat AIM URI scheme (referred as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. This is the proof of concept exploit that demonstrates this vulnerability.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	407
Related CVE(s):	CVE-2007-0021
Last Modified:	Jan 24 06:22:31 2007
MD5 Checksum:	63c02efdb8962b52b3440ecb316ff35b

/// File Name:	MOAB-21-01-2007.rb.txt
Description:	Month of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks of PATH sanitization, allowing users to execute arbitrary binaries under root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	1034
Related CVE(s):	CVE-2007-0022
Last Modified:	Jan 24 06:23:36 2007
MD5 Checksum:	c16f4b258d9bb1185318cdd04d6a3967

/// File Name:	MOAB-22-01-2007.rb.txt
Description:	Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	1510
Related CVE(s):	CVE-2007-0023
Last Modified:	Jan 24 06:24:54 2007
MD5 Checksum:	0822f8f385381a6dada4f24b194e032f

/// File Name:	MOAB-23-01-2007.pct
Description:	Month of Apple Bugs - A vulnerability exists in the handling of ARGB records (Alpha RGB) within PICT images, that leads to an exploitable memory corruption condition. This is the proof of concept exploit in .pct format that demonstrates this vulnerability.
Author:	LMH
Homepage:	http://projects.info-pull.com/moab/
File Size:	814
Related CVE(s):	CVE-2007-0462
Last Modified:	Jan 24 06:26:41 2007
MD5 Checksum:	fcae7cb4702799a0830019747e1aba01

/// File Name:	MOAB-25-01-2007.c
Description:	Month of Apple Bugs - C exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
Author:	LMH
Homepage:	http://projects.info-pull.com/moab/
File Size:	618
Related CVE(s):	CVE-2007-0464
Last Modified:	Jan 27 05:28:11 2007
MD5 Checksum:	ac9a8250d37eaab982f149693cdcbca0

/// File Name:	MOAB-25-01-2007.rb.txt
Description:	Month of Apple Bugs - Ruby exploit that demonstrates how CFNetwork fails to handle certain HTTP responses properly, causing the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, leading to a denial of service condition.
Author:	LMH
Homepage:	http://projects.info-pull.com/moab/
File Size:	690
Related CVE(s):	CVE-2007-0464
Last Modified:	Jan 27 05:28:46 2007
MD5 Checksum:	d7a1cfb7ab5a8a173db599dc81d957de

/// File Name:	MOAB-27-01-2007.tgz
Description:	Month of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	150157
Related CVE(s):	CVE-2007-0466
Last Modified:	Jan 29 17:57:21 2007
MD5 Checksum:	251f0955c2ec6f2f9ea3ea7160b05822

/// File Name:	MOAB-28-01-2007.rb.txt
Description:	Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.
Author:	LMH,Kevin Finisterre
Homepage:	http://projects.info-pull.com/moab/
File Size:	1848
Related CVE(s):	CVE-2007-0467
Last Modified:	Jan 29 17:59:01 2007
MD5 Checksum:	d2a1cdd08b0f39cc9d815a3572650b30

/// File Name:	MOAB-29-01-2007.rb.txt
Description:	Month of Apple Bugs - Apple iChat Bonjour functionality is affected by several remotely exploitable denial of service flaws which can be triggered via advertising presence services over multicast DNS. This is the denial of service proof of concept exploit.
Author:	LMH
Homepage:	http://projects.info-pull.com/moab/
File Size:	3488
Last Modified:	Jan 31 05:07:42 2007
MD5 Checksum:	3c46cb42934dba072146951e4a6e1324

/// File Name:	mpsw-rfi.txt
Description:	The Magic Photo Storage website suffers from a remote file inclusion vulnerability.
Author:	k1tk4t
File Size:	1406
Last Modified:	Jan 13 22:57:30 2007
MD5 Checksum:	c874f011c71475bc4ea69e02693e9658

/// File Name:	ms07-004.txt
Description:	MS07-004 VML integer overflow exploit.
Author:	lifeasageek
File Size:	10088
Last Modified:	Jan 20 01:29:02 2007
MD5 Checksum:	d186c842b30e3d7fe7b2b296537cc80f

/// File Name:	MsgEng.py.txt
Description:	Heap overflow exploit for msgeng.exe in Computer Associates BrightStor ARCserve Backup.
Author:	Winny Thomas
Related File:	LS-20060313.pdf
File Size:	3279
Last Modified:	Jan 29 17:35:08 2007
MD5 Checksum:	007fb8db9780785af6cfbae92d4c03d4

/// File Name:	mssploit.txt
Description:	Microsoft Visual C++ 6.0 is prone to a stack based memory corruption vulnerability during the processing of .RC resource files. Exploit included.
Author:	porkythepig
File Size:	8997
Last Modified:	Jan 24 06:56:36 2007
MD5 Checksum:	9f277dc650b5010dbe226aa45d3de9cd

/// File Name:	mybloggie215-xss.txt
Description:	myBloggie version 2.1.5 is susceptible to cross site scripting attacks.
Author:	CorryL
Homepage:	http://www.x0n3-h4ck.org
File Size:	1427
Last Modified:	Jan 20 02:40:26 2007
MD5 Checksum:	748ad0ef345953a0fe74ecf6b9ea2c1c