LMH

34 exploits Active since Sep 2006
CVE-2006-5216 METASPLOIT ruby WORKING POC
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
CVE-2006-5216 EXPLOITDB ruby WORKING POC
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
EIP-2026-115456 EXPLOITDB c WORKING POC
Ipswitch WS_FTP 2007 Professional - 'WSFTPURL.exe' Local Memory Corruption
CVE-2006-5726 EXPLOITDB text WRITEUP
Solaris 10 - Denial of Service via Malformed UFS Filesystem Mount
alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.
EIP-2026-104610 EXPLOITDB text WRITEUP
Apple Mac OSX 10.4.8 - DMG UFS Byte_Swap_Sbin() Integer Overflow
CVE-2007-0059 EXPLOITDB ruby WORKING POC
Apple QuickTime 3-7.1.3 - Remote Code Execution via HREFTrack Local URI
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
CVE-2007-0229 EXPLOITDB text WRITEUP
Mac OS X 10.4.8 - Local Denial of Service and Privilege Escalation via Crafted DMG Image
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
CVE-2007-0267 EXPLOITDB text WRITEUP
Mac OS X 10.4.8 - Denial of Service via Crafted UFS DMG Image
The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.
CVE-2007-0462 EXPLOITDB text WRITEUP
Apple QuickTime - Remote Code Execution via Malformed PICT Image ARGB Record
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
CVE-2006-6062 EXPLOITDB text WRITEUP
Apple Mac OS X 10.4.8 - Denial of Service via Malformed UDTO HFS+ Disk Image
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption.
CVE-2006-6062 EXPLOITDB text WRITEUP
Apple Mac OS X 10.4.8 - Denial of Service via Malformed UDTO HFS+ Disk Image
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption.
CVE-2007-0647 EXPLOITDB text WORKING POC
macOS Help Viewer 3.0.0 - Denial of Service via Format String in Filename
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
CVE-2007-0645 EXPLOITDB text WORKING POC
iPhoto 6.0.5 - Denial of Service via Format String in Filename
Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.
CVE-2007-0644 EXPLOITDB text WRITEUP
Apple Safari 2.0.4 - Denial of Service via Format String in Filename Handling
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
CVE-2007-0051 EXPLOITDB ruby WORKING POC
Apple iPhoto < 6.0.6 - Remote Code Execution via Crafted Photocast RSS Feed Title
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
CVE-2007-0148 EXPLOITDB html WORKING POC
OmniWeb 5.5.1 - Remote Code Execution via JavaScript Alert Format String
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
CVE-2007-0117 EXPLOITDB ruby WORKING POC
DiskManagementTool 92.29 - Privilege Escalation
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
CVE-2007-0117 EXPLOITDB ruby WORKING POC
DiskManagementTool 92.29 - Privilege Escalation
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
CVE-2006-6173 EXPLOITDB c WORKING POC
Mac OS X < 10.4.6 - Local Buffer Overflow in shared_region_make_private_np
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.
CVE-2006-6130 EXPLOITDB c WORKING POC
Apple Mac OS X - Denial of Service via AIOCREGLOCALZN ioctl Command
Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.
CVE-2006-6129 EXPLOITDB text WRITEUP
Mac OS X - Denial of Service and Possible Remote Code Execution via Crafted Mach-O Universal Program
Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption.
CVE-2007-0162 EXPLOITDB ruby WORKING POC
Unsanity APE 2.0.2 - Privilege Escalation
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
CVE-2007-0646 EXPLOITDB text WORKING POC
iMovie HD 6.0.3 and Safari in Mac OS X 10.4-10.4.10 - Denial of Service via Format String in Filename
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.
EIP-2026-104547 EXPLOITDB c WORKING POC
OpenBSD 4.0 - 'vga' Local Privilege Escalation
CVE-2007-0465 EXPLOITDB text WORKING POC
Apple Installer 2.1.5 - Remote Code Execution via Format String in Package Filename
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.