Mac OS X

Oracle Java AtomicReferenceArray Type Confusion Exploit

Unsafe type handling performed by the AtomicReferenceArray class of the Oracle Java Runtime Environment can be abused to cause a type confusion error. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.

SugarCRM CE unserialize PHP Code Execution Exploit

The vulnerability is caused by scripts using "unserialize()" with user controlled input. This can be exploited to execute arbitrary PHP code via the "__destruct()" method of the "SugarTheme" class or passing an ad-hoc serialized object through the $_REQUEST['current_query_by_page'] input variable.

Apache Struts 2 DefaultActionMapper redirect Remote Code Execution Exploit

The DefaultActionMapper class in Apache Struts2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework.

Oracle Java Dynamic Binding Remote Code Execution Exploit Update

An error in the way that Java implements dynamic binding can be abused to overwrite public final fields. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. This update adds the CVE number to the exploit.

Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote DoS

This module exploits a vulnerability in Mac OS X Directory Service Proxy by sending a crafted packet to port TCP 625, causing a denial of service effect.

Oracle Java Driver Manager Remote Code Execution Exploit

This module exploits a vulnerability in Oracle Java taking advantages of the java.sql.DriverManager class. The specific flaw exists within the usage of java.sql.DriverManager. The issue lies in an implicit call to toString() that is made within a doPrivileged block. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. This vulnerability was one of the 2013's Pwn2Own challenges.

Apple Mac OS X DirectoryService AllocFromProxyStruct Buffer Underflow DoS

This module exploits a vulnerability in the Mac OS X DirectoryService by sending a specially crafted packet to the 625/TCP port.

Oracle Java Dynamic Binding Remote Code Execution Exploit

An error in the way that Java implements dynamic binding can be abused to overwrite public final fields. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations.

Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit

This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow.

Oracle Java 7U11 JMX Remote Code Execution Exploit

The default Java security properties configuration does not restrict access to certain objects in the com.sun.jmx.mbeanserver packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.