Mac OS X

Apache Struts 2 DefaultActionMapper redirect Remote Code Execution Exploit Update

The DefaultActionMapper class in Apache Struts 2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework.

Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit Update

This module exploits a vulnerability in the Mac OS X Samba server. When the Samba server processes a specially crafted call to the "NetWkstaTransportEnum" RPC function, a heap overflow occurs. This update adds support for Mac OS X 10.6.0 to 10.6.7 (Server and non-server versions). In addition, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all supported Mac OS X versions.

Sun Java Runtime Environment Trusted Methods Chaining Exploit

The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an untrusted method in an applet attempts to call a method that requires privileges, Java will walk the call stack and, for each entry, verify that the method called is defined within a class that has that privilege. However, this does not take into account an untrusted object that has extended the trusted class without overriding the target method. Additionally, this can be bypassed by abusing a similar trust issue with interfaces.

Sun Java RMIConnectionImpl Deserialization Privilege Escalation Exploit

This module exploits a privilege escalation vulnerability in Sun Java. The specific flaw exists within the deserialization of RMIConnectionImpl objects. Due to a lack of privilege checks during deserialization, it is possible to supply privileged code in the ClassLoader of a constructor being deserialized. This allows a remote attacker to call system-level Java functions without proper sandboxing. Exploitation of this can lead to remote system compromise under the context of the currently logged-in user.

VLC Media Player MKV File Memory Corruption Exploit

This module exploits a vulnerability in VideoLAN Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (libmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allows remote attackers to execute arbitrary code via an MKV media file.

NetSupport Manager Agent Buffer Overflow Exploit

This module exploits a stack-based buffer overflow in NetSupport Agent via a long control hostname sent to TCP port 5405.

Mac OS X i386_set_ldt Vulnerability Local Privilege Escalation Exploit

This module exploits a vulnerability in the "i386_set_ldt" function of "mach_kernel", creating a "call gate" entry in the LDT.

Phpmyadmin error BBcode Injection Exploit

In error.php, phpMyAdmin permits users to insert text and restricted tags (like BBCode). With the tag [a@url@page]Click Me[/a], you can insert your own page and redirect all users to that page. This can be used to direct users to a page hosting an OS agent.