458 matches found
Apple CFNetwork HTTP Response Denial of Service Exploit (rb code)
Exploit for macOS platform in category dos / poc. Apple CFNetwork HTTP Response Denial of Service Exploit rb code !/usr/bin/ruby c Copyright 2007 Lance M. Havok Proof...
Apple CFNetwork - HTTP Response Denial of Service (Ruby)
Apple CFNetwork - HTTP Response Denial of Service Ruby !/usr/bin/ruby c Copyright 2007 Lance M. Havok Proof of concept for MOAB-25-01-2007. require 'socket' webport = ARGV0 || 80.toi puts "++ Starting HTTP server at port webport." webserver = TCPServer.newnil, webport while session =...
CVE-2006-4401
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI...
CVE-2006-4401
CVE-2006-4401 affects CFNetwork in Mac OS X 10.4.8 and earlier. An attacker can lure a user to open a crafted FTP URI, causing the victim’s FTP client to issue arbitrary FTP commands to an accessible server using the user’s credentials. This is a client-side, user-assisted vulnerability that enab...
Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI
Overview: Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI. Description: According to Apple Security Update 2006-007: By enticing a user to access a maliciously crafted FTP URI, an attacker can cause the user's FTP client to issue arbitrary FTP commands ...
Mac OS X Multiple Vulnerabilities (Security Update 2006-007)
The remote host is running a version of Mac OS X which does not have the security update 2006-007 applied. Security Update 2006-007 contains several security fixes for the following programs : - AirPort - ATS - CFNetwork - Finder - Font Book - Font Importer - Installer - OpenSSL - PHP - PPP - Sam...
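Apple Mac OS X Multiple Command Execution and Denial of Service Vulnerabilities
Apple Mac OS X is the operating system used by Apple's family of machines. Multiple components of Apple Mac OS X contain vulnerabilities that attackers may exploit to execute commands or cause a denial of service. 1. CFNetwork clients (such as Safari) allow anonymous SSL connections to be established; a remote unauthenticated SSL site can exploit this to appear authenticated. 2. Flash Player contains a vulnerability that a remote attacker may exploit to execute arbitrary commands. 3. ImageIO has a buffer overflow when processing malformed JPEG2000 images, which an attacker may exploit to execute arbitrary instructions. 4. A vulnerability in Kernel Mach allows a malicious user to execute arbitrary commands with elevated privileges. 5...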
CVE-2006-4390
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted...
CVE-2006-4390
Concrete details found: CVE-2006-4390 affects CFNetwork in Mac OS X 10.4.x (10.4.0–10.4.7) and 10.3.9, where SSL encryption could mislead users into trusting remote sites (lock icon may display without proper identity). The issue is mitigated by Mac OS X 10.4.8 Security Update, which fixes multip...
[SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA22187 VERIFY ADVISORY: http://secunia.com/advisories/22187/ CRITICAL: Highly critical IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: From...
Mac OS X Multiple Vulnerabilities (Security Update 2006-006)
The remote host is running a version of Mac OS X 10.3 which does not have the security update 2006-006 applied. Security Update 2006-006 contains several security fixes for the following programs : - CFNetwork - Flash Player - QuickDraw Manager - SASL - WebCore C Tenable Network Security, Inc. if...
Mac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.8. Mac OS X 10.4.8 contains several security fixes for the following programs : - CFNetwork - Flash Player - ImageIO - Kernel - LoginWindow - Preferences - QuickDraw Manager - SASL - WebCore - Workgroup Manager C Tenabl...
Integer overflow
Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding...
CVE-2006-1441
CVE-2006-1441: Affected software is Apple Mac OS X 10.4.6 CFNetwork. The vulnerability is an integer overflow in CFNetwork triggered by crafted chunked transfer encoding, allowing remote attackers to execute arbitrary code. No exploit details or specific patch/version remediation are provided in ...
CVE-2006-1441
Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding...
[SA20077] Mac OS X Security Update Fixes Multiple Vulnerabilities
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20077 VERIFY ADVISORY: http://secunia.com/advisories/20077/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of sensitive information, DoS, System access WHERE: From remote OPERATING SYSTEM: Apple...