30 matches found
EUVD-2018-15965
Malware in sbrugna...
EUVD-2018-15940
Malware in sbrugna...
CVE-2024-54128
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application...
CVE-2024-54128 Directus has an HTML Injection in Comment
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application...
CVE-2024-54128
Directus (Comment feature) is vulnerable to HTML injection because a client-side filter for restricted characters can be bypassed. The CVE notes that this bypass enables injection of HTML content, with documented impact and a fix in versions 10.13.4 and 11.2.0. Affected components: Directus core ...
CVE-2018-4178
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4...
CVE-2017-7151
A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4...
Apple macOS High Sierra AMD Input Validation Vulnerability
Apple macOS High Sierra is a suite of specialized operating systems developed for Mac computers by Apple, Inc. AMD is one of the AMD product components. An input validation vulnerability exists in AMD in Apple macOS High Sierra version 10.13.4. An attacker could exploit the vulnerability to execu...
Apple macOS High Sierra CUPS Sandbox Bypass Vulnerability (CNVD-2019-01546)
Apple macOS High Sierra is a suite of specialized operating systems developed by Apple for Mac computers. CUPS is one of the open source printing system components for OS X and Unix-like systems. A security vulnerability exists in the CUPS component in Apple macOS High Sierra version 10.13.4. An...
Vulnerability Spotlight: Multiple Apple IntelHD5000 privilege escalation vulnerabilities
Tyler Bohan of Cisco Talos discovered this vulnerability. Executive Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of Apple OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds...
Apple IntelHD5000 Graphics Process Token Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Apple macOS 10.13.4 - Denial of Service Exploit
Exploit for macOS platform in category dos / poc Exploit Title: Apple MacOS 10.13.4 - Denial of Service PoC Exploit Author: Sriram @SriHxor Vendor Homepage: https://support.apple.com/en-in/HT208848 Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0 CVE : CVE-2018-4240 2018 P...
Apple macOS 10.13.4 Denial Of Service
Exploit Title: Apple MacOS 10.13.4 - Denial of Service PoC Date: 2019-09-10 Exploit Author: Sriram @SriHxor Vendor Homepage: https://support.apple.com/en-in/HT208848 Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0 CVE : CVE-2018-4240 2018 POC :...
CVE-2018-4187
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message...
MacOS/iOS kernel heap overflow due to lack of lower size check in getvolattrlist (CVE-2018-4243)
getvolattrlist takes a user controlled bufferSize argument via the fgetattrlist syscall. When allocating a kernel buffer to serialize the attr list to there's the following comment: / Allocate a target buffer for attribute results. Note that since we won't ever copy out more than the caller...
Apple Mac OS X Security Updates (HT208849)-02
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Yosoro 1.0.4 Remote Code Execution
Exploit title: Yosoro 1.0.4 - Remote Code Execution Date: 2018-05-29 Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version: 1.0.4 Tested on: MacOS 10.13.4 CVE:...
Yosoro 1.0.4 - Remote Code Execution Vulnerability
Exploit for macOS platform in category web applications Exploit title: Yosoro 1.0.4 - Remote Code Execution Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version:...
Apple iOS and macOS High Sierra Mail Man-in-the-Middle Attack Vulnerability
Apple iOS and macOS High Sierra are products of Apple Inc. Apple iOS is an operating system for mobile devices; macOS High Sierra is a specialized operating system for Mac computers. mail is one of the email components. A security vulnerability exists in the Mail component of Apple iOS before 11....