229 matches found
Apple macOS High Sierra Open Scripting Architecture Code Execution Vulnerability
Apple macOS High Sierra is a proprietary operating system developed by Apple for Mac computers. Open Scripting Architecture is one of the script creation components. A security vulnerability exists in the Open Scripting Architecture component in Apple macOS High Sierra versions prior to 10.13.1. T...
Apple macOS High Sierra AppleScript Code Execution Vulnerability
Apple macOS High Sierra is a proprietary operating system developed by Apple for Mac computers, with AppleScript as one of the built-in scripting languages. A security vulnerability exists in the AppleScript component of Apple macOS High Sierra versions prior to 10.13.1. The vulnerability can be...
About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
This document describes the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. About Apple securi...
Keychain vulnerability in macOS
On Monday, Patrick Wardle, a respected security researcher at Synack and owner of Objective-See, sent a tweet about a keychain vulnerability he had found in macOS High Sierra. As his tweet showed, it is possible for a malicious app to extract, and then exfiltrate, keychain data from High Sierra,...
About the security content of macOS High Sierra 10.13
This document describes the security content of macOS High Sierra 10.13. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
Office for Mac Macro Payload Generator: MacPhish
Attack vectors. There are 4 attack vectors available: beacon, creds, meterpreter, meterpreter-grant. For the ‘creds’ method, macphish can generate the Applescript script directly, in case you need to run it from a shell. beacon: On execution, this payload will signal our listening host and provide basi...
Multi Manage Set Wallpaper
This module will set the desktop wallpaper background on the specified session. The method of setting the wallpaper depends on the platform type. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Safari Script Editor AppleScript execution
Added: 11/02/2015. CVE: CVE-2015-7007. BID: 77266. Background: Safari is a web browser for Mac OS X and Windows. Problem: A vulnerability in the OS X Script Editor allows a malicious web page to execute arbitrary AppleScript code without user confirmation by enticing a user to type Control-R in Safari...
Apple Safari - User-Assisted Applescript Exec Attack (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Safari User-Assisted Applescript Exec Attack', 'Description' = %q In versions of Mac OS X before 10.11.1, the applescript:// URL...
Safari User-Assisted Applescript Exec Attack Exploit
Exploit for macOS platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Safari User-Assisted Applescript Exec Attack', 'Description' = %q In versions...
CVE-2015-7007
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors...
CVE-2015-7007
CVE-2015-7007 affects Apple OS X Script Editor prior to 10.11.1. The vulnerability allows remote attackers to bypass the intended user confirmation for AppleScript execution via unspecified vectors, enabling arbitrary AppleScript execution without user approval. Impact, per sources, is partial co...
Safari User-Assisted Applescript Exec Attack
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Safari User-Assisted Applescript Exec Attack', 'Description' = %q In versions of Mac OS X before 10.11.1, the applescript:// URL...
Safari User-Assisted Applescript Exec Attack
In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by...
OSX Password Prompt Spoof
Presents a password prompt dialog to a logged-in OSX user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OSX Password Prompt Spoof', 'Description' = %q Presents a password prompt dialog to a...
Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks
A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week...
Adobe InDesign Server RunScript Arbitrary Command Execution
The version of Adobe InDesign Server running on the remote host has an arbitrary command execution vulnerability. When the SOAP service is enabled, it processes requests for the RunScript method without requiring authentication. This method can be used to execute arbitrary VBScript on Windows, or...