Lance M. Havok

11 exploits Active since Jan 2007
CVE-2007-0613 EXPLOITDB ruby WORKING POC
iChat 3.1.6 - Denial of Service via Duplicate mDNS Query Flood
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.
CVE-2007-0614 EXPLOITDB ruby WORKING POC
iChat 3.1.6 - Denial of Service via Crafted Bonjour TXT Key
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
EIP-2026-113491 EXPLOITDB ruby WORKING POC
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
CVE-2007-0344 EXPLOITDB ruby WORKING POC
Colloquy < 2.1 - Remote Code Execution via Format String in INVITE Channel Name
Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.
CVE-2007-0467 EXPLOITDB ruby WORKING POC
Apple Mac OS X 10.4.8 - Privilege Escalation
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
CVE-2007-0464 EXPLOITDB ruby WORKING POC
CFNetwork 129.19 - Denial of Service via Crafted HTTP 301 Response
The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.
EIP-2026-104586 EXPLOITDB ruby WORKING POC
Apple Mac OSX 10.4.8 - System Preferences Privilege Escalation
CVE-2007-0019 EXPLOITDB ruby WORKING POC
Rumpus FTP Server < 5.1 - Authenticated Remote Code Execution via Long LIST Command
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
CVE-2007-0023 EXPLOITDB ruby WORKING POC
Apple Mac OS X 10.4.8 - Privilege Escalation
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
CVE-2007-0710 EXPLOITDB ruby WORKING POC
iChat - Denial of Service via Bonjour Functionality
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.
CVE-2007-0355 EXPLOITDB ruby WORKING POC
Apple Minimal SLP Service Agent - Buffer Overflow via Invalid Attr-List Field
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.