LMH

34 exploits Active since Sep 2006
CVE-2007-0197 EXPLOITDB ruby WORKING POC
Finder 10.4.6 on Mac OS X 10.4.8 - DoS and RCE via Long Volume Name in DMG
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
CVE-2007-0236 EXPLOITDB c WORKING POC
Apple Mac OS X 10.4.8 - Remote Code Execution via Crafted AppleTalk Request
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
EIP-2026-104557 EXPLOITDB text WRITEUP
Apple Mac OSX 10.4.8 - DMG HFS+ DO_HFS_TRUNCATE Denial of Service
CVE-2007-0015 EXPLOITDB ruby WORKING POC
Apple QuickTime 7.1.3 - Remote Code Execution via Long RTSP URI
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
EIP-2026-103683 EXPLOITDB html WORKING POC
Transmit 3.5.5 - Remote Heap Overflow
CVE-2006-4965 EXPLOITDB ruby WORKING POC
Apple QuickTime 7.1.3 - Remote Code Execution via QuickTime Media Link File
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
CVE-2006-5757 EXPLOITDB text WRITEUP
Linux Kernel - Denial of Service via ISO9660 Filesystem Race Condition
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
CVE-2007-0103 EXPLOITDB text WRITEUP
Adobe Acrobat Reader < 7.0.8 - Remote Code Execution via Crafted PDF Catalog Dictionary
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
CVE-2006-5701 EXPLOITDB text WRITEUP
Linux Kernel 2.6.x - Denial of Service via SquashFS Double Free
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.