MoAB

21 exploits | Active since Jan 2007
CVE-2007-0059 EXPLOITDB ruby WORKING POC
Apple QuickTime 3-7.1.3 - Remote Code Execution via HREFTrack Local URI
Cross-zone scripting vulnerability in Apple QuickTime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
CVE-2007-0464 EXPLOITDB ruby WORKING POC
CFNetwork 129.19 - Denial of Service via Crafted HTTP 301 Response
The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.
CVE-2007-0021 EXPLOITDB html WORKING POC
Apple iChat 3.1.6 - Format String Vulnerability via aim:// URI
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.
CVE-2007-0710 EXPLOITDB ruby WORKING POC
iChat - Denial of Service via Bonjour Functionality
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.
CVE-2007-0197 EXPLOITDB ruby WORKING POC
Finder 10.4.6 on Mac OS X 10.4.8 - DoS and RCE via Long Volume Name in DMG
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
CVE-2007-0236 EXPLOITDB c WORKING POC
Apple Mac OS X 10.4.8 - Remote Code Execution via Crafted AppleTalk Request
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
CVE-2007-0355 EXPLOITDB ruby WORKING POC
Apple Minimal SLP Service Agent - Buffer Overflow via Invalid Attr-List Field
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
CVE-2007-0344 EXPLOITDB ruby WORKING POC
Colloquy < 2.1 - Remote Code Execution via Format String in INVITE Channel Name
Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.
CVE-2007-0051 EXPLOITDB ruby WORKING POC
Apple iPhoto < 6.0.6 - Remote Code Execution via Crafted Photocast RSS Feed Title
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
CVE-2007-0148 EXPLOITDB html WORKING POC
OmniWeb 5.5.1 - Remote Code Execution via JavaScript Alert Format String
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function.
CVE-2007-0017 EXPLOITDB perl WORKING POC
VLC Media Player 0.7.0-0.8.6 - Remote Code Execution via Format String in CDDA/VCDX URI Handler
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
CVE-2007-0467 EXPLOITDB ruby WORKING POC
Apple Mac OS X 10.4.8 - Privilege Escalation
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
CVE-2007-0023 EXPLOITDB ruby WORKING POC
Apple Mac OS X 10.4.8 - Privilege Escalation
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
CVE-2007-0117 EXPLOITDB ruby WORKING POC
DiskManagementTool 92.29 - Privilege Escalation
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
CVE-2007-0117 EXPLOITDB ruby WORKING POC
DiskManagementTool 92.29 - Privilege Escalation
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
EIP-2026-104586 EXPLOITDB ruby WORKING POC
Apple Mac OS X 10.4.8 - System Preferences Privilege Escalation
CVE-2007-0162 EXPLOITDB ruby WORKING POC
Unsanity APE 2.0.2 - Privilege Escalation
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
CVE-2007-0019 EXPLOITDB ruby WORKING POC
Rumpus FTP Server < 5.1 - Authenticated Remote Code Execution via Long LIST Command
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
CVE-2007-0017 EXPLOITDB perl WORKING POC
VLC Media Player 0.7.0-0.8.6 - Remote Code Execution via Format String in CDDA/VCDX URI Handler
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
CVE-2007-0020 EXPLOITDB html WORKING POC
Panic Transmit < 3.5.5 - Remote Code Execution via Long FTPS URL
Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.
CVE-2007-0015 EXPLOITDB ruby WORKING POC
Apple QuickTime 7.1.3 - Remote Code Execution via Long RTSP URI
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.