Kevin Finisterre

64 exploits Active since Dec 2000
CVE-2007-0117 EXPLOITDB ruby WORKING POC
DiskManagementTool 92.29 - Privilege Escalation
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
CVE-2007-0355 EXPLOITDB ruby WORKING POC
Apple Minimal SLP Service Agent - Buffer Overflow via Invalid Attr-List Field
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
CVE-2006-1470 EXPLOITDB perl WORKING POC
Apple Mac OS X 10.4-10.4.6 - Denial of Service via Invalid LDAP Request
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
CVE-2007-0051 EXPLOITDB ruby WORKING POC
Apple iPhoto < 6.0.6 - Remote Code Execution via Crafted Photocast RSS Feed Title
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
CVE-2007-0017 EXPLOITDB perl WORKING POC
VLC Media Player 0.7.0-0.8.6 - Remote Code Execution via Format String in CDDA/VCDX URI Handler
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
CVE-2005-0716 EXPLOITDB perl WORKING POC
Mac OS X 10.3.5-10.3.6 - Local Buffer Overflow via CF_CHARSET_PATH Environment Variable
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
EIP-2026-104581 EXPLOITDB perl WORKING POC
Apple Mac OSX 10.4.6 (PPC) - 'launchd' Local Format String
EIP-2026-104582 EXPLOITDB perl WORKING POC
Apple Mac OSX 10.4.6 (x86) - 'launchd' Local Format String
EIP-2026-104583 EXPLOITDB perl WORKING POC
Apple Mac OSX 10.4.7 (PPC) - 'fetchmail' Local Privilege Escalation
EIP-2026-104584 EXPLOITDB perl WORKING POC
Apple Mac OSX 10.4.7 (x86) - 'fetchmail' Local Privilege Escalation
EIP-2026-104585 EXPLOITDB bash WORKING POC
Apple Mac OSX 10.4.7 - fetchmail Privilege Escalation
CVE-2006-4392 EXPLOITDB perl WORKING POC
Mac OS X 10.4-10.4.7 - Local Privilege Escalation via Mach Exception Port Manipulation
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
CVE-2007-0467 EXPLOITDB ruby WORKING POC
Apple Mac OS X 10.4.8 - Privilege Escalation
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
CVE-2007-0023 EXPLOITDB ruby WORKING POC
Apple Mac OS X 10.4.8 - Privilege Escalation
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
CVE-2007-0117 EXPLOITDB ruby WORKING POC
DiskManagementTool 92.29 - Privilege Escalation
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
EIP-2026-104586 EXPLOITDB ruby WORKING POC
Apple Mac OSX 10.4.8 - System Preferences Privilege Escalation
CVE-2007-0753 EXPLOITDB text WRITEUP
macOS 10.3.9 and 10.4.9 - Local Remote Code Execution via VPN Daemon Format String
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
CVE-2006-6131 EXPLOITDB perl WORKING POC
Kerio WebSTAR <5.4.2 - Privilege Escalation
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
CVE-2007-1227 EXPLOITDB perl WORKING POC
McAfee VirusScan for Mac <7.7 - Privilege Escalation
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
CVE-2007-0019 EXPLOITDB ruby WORKING POC
Rumpus FTP Server < 5.1 - Authenticated Remote Code Execution via Long LIST Command
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
CVE-2007-0017 EXPLOITDB perl WORKING POC
VLC Media Player 0.7.0-0.8.6 - Remote Code Execution via Format String in CDDA/VCDX URI Handler
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
CVE-2005-2715 EXPLOITDB perl WORKING POC
VERITAS NetBackup 4.5FP/4.5MP/5.0-6.0 - Remote Code Execution via Java UI Format String
Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command.
CVE-2007-5926 EXPLOITDB text WORKING POC
OpenBase <10.0.5 - Command Injection
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.
CVE-2007-0015 EXPLOITDB ruby WORKING POC
Apple QuickTime 7.1.3 - Remote Code Execution via Long RTSP URI
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
CVE-2005-3523 EXPLOITDB perl WORKING POC
gpsdrive < 2.09 - Remote Code Execution via Format String in Friendsd2 Direction Field
Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.