Mac OS X

Basilic diff PHP Code Execution Exploit

This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.

WeBid converter Remote Code Execution Exploit

Input passed via the "from" and "to" POST parameters to converter.php is not properly sanitised before being stored in includes/currencies.php. This can be exploited to inject and execute arbitrary PHP code.

Mantis Manage_proj_page Remote Code Execution Exploit Update 5

This module exploits a remote code execution vulnerability in Mantis version 1.1.3: the sort parameter in manage_proj_page is handled without proper validation, which leads to remote code execution on the Mantis web server. This update adds support for the OSX platform.

Mantis Manage_proj_page Remote Code Execution Exploit Update 4

This module exploits a remote code execution vulnerability in Mantis version 1.1.3: the sort parameter in manage_proj_page is handled without proper validation, which leads to remote code execution on the Mantis web server. This update adds support for the AIX platform.

Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Exploit

The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges.

Apple Mac OS X ATSServer CFF CharStrings INDEX Sign Mismatch Exploit

A sign mismatch error exists in ATSServer when handling the last offset value of the CharStrings INDEX structure.

Apache Struts 2 devMode OGNL Remote Code Execution Exploit Update

The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production. When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter. This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system. This update fixes the CVE identifier associated with the vulnerabil

Apache Struts 2 devMode OGNL Remote Code Execution Exploit

The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production. When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter. This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.

Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer DoS

This module exploits a vulnerability in Apple CUPS when handling IPP_TAG_UNSUPPORTED, which could be exploited by attackers to cause a remote pre-authentication denial of service.

Apple CUPS HP-GL2 filter Remote Code Execution Exploit Update

This module exploits a specific flaw in the Hewlett-Packard Graphics Language filter. Inadequate bounds checking on the pen width and pen color opcodes results in an arbitrary memory overwrite, allowing for the execution of arbitrary code as the "hgltops" process uid. This update adds Linux support.