20 matches found
EUVD-2012-4597
Malware in sbrugna...
EUVD-2004-0871
Malware in sbrugna...
Apple iChat 3.1.6 441 - aim:// URL Handler Format String Exploit PoC
No description provided by source. !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.1//EN http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd html head titleMOAB-20-01-2007/title script function boom var str = ''; for var i = 0; i 20; i++ str = str + escape'A%n'; str = 'aim:gochat?roomname=' + str;...
Apple iChat Server XMPP回拨保护组件安全绕过漏洞
Bugtraq ID:55294 CVE ID:CVE-2012-4672 Apple iChat Server是基于jabberd14,以Apple的iChat在线聊天客户端命名。 Apple iChat Server中的XMPP回拨协议实现存在一个安全缺陷,不正确校验"Verify Response"和"Authorization Response"消息,一个伪造的XMPP服务器可利用此缺陷伪造一个或多个域,当与受影响服务器实现通信时,可导致绕过XMPP服务器回拨保护。 0 Apple iChat Server 厂商解决方案 目前没有详细解决方案提供:...
CVE-2012-4672
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
Server side request forgery (ssrf)
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
CVE-2012-4672
CVE-2012-4672 corresponds to Apple iChat Server, which is based on jabberd14. The issue is that the server does not verify that a request was made for an XMPP Server Dialback response, allowing a remote XMPP server to spoof domains via responses for domains that were not asserted. This is a fault...
CVE-2012-4672
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
Apple iChat fails to properly handle crafted TXT key hashes
Overview A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service. Description Apple iChat is an instant message client for Apple Mac OS X. Apple iChat Agent is a back-end process that manages iChat sessions and available contacts. Apple...
Apple iChat AIM URI handler format string vulnerability
Overview Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. Description The Apple iChat AIM URI handler fails to properly sanitize user-controlled data that is supplied to a formatted output function. This...
Apple iChat Bonjour多个拒绝服务漏洞
Apple iChat是捆绑于苹果家族操作系统的视频聊天工具。 iChat的Bonjour功能允许自动发现计算机,该功能中存在几个拒绝服务漏洞。在通过mDNS查询查找可用的联系人时没有任何限制,即使联系人不存在iChat也会添加所广播的presence.tcp记录,因此恶意用户可以广播伪造的记录导致使用Bonjour的iChat用户无法发现更多的对等端,无法进行可靠的通讯。 此外iChat代理在处理特制的TXT密钥哈希时还可能出现异常,导致向进程发送SIGTRAP信号出现崩溃。再次尝试启动iChat Bonjour功能仍会失败,因为mDNSResponder会保留特制的记录。 Apple...
Multiple Apple iChat Bonjour DoS conditions
Multiple problems because of insecure dynamic DNS usage...
Apple iChat Bonjour 3.1.6.441 Multiple Denial of Service Exploit
Exploit for macOS platform in category dos / poc ================================================================ Apple iChat Bonjour 3.1.6.441 Multiple Denial of Service Exploit ================================================================ !/usr/bin/ruby c 2006 Lance M. Havok All Rights...
Format string
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service null pointer dereference and application crash and possibly execute arbitrary code via format string specifiers in an aim:// URI...
CVE-2007-0021
Apple iChat 3.1.6 is affected by a format string vulnerability in the AIM URI handler. A remote attacker could exploit crafted aim:// URIs to cause a denial of service (null pointer dereference) and possibly execute arbitrary code. The issue is remediated by Apple Security Update 2007-002 (Mac OS...
CVE-2007-0021
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service null pointer dereference and application crash and possibly execute arbitrary code via format string specifiers in an aim:// URI...
Apple iChat 3.1.6 v441 aim:// URL Handler Format String Exploit PoC
No description provided by source. !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" html head titleMOAB-20-01-2007/title script function boom var str = ''; for var i = 0; i 20; i++ str = str + escape'A%n'; str = 'aim:gochat?roomname=' + str;...
MOAB-20-01-2007: Apple iChat aim:// URL Handler Format String Vulnerability
Summary Description from the Wikipedia article: AOL Instant Messenger AIM, ICQ, .Mac and Jabber client for Mac OS X. Using a Jabber-like protocol and Bonjour for user discovery, it also allows for LAN communication. iChat's AIM support is fully endorsed by AOL, and uses their official...
CVE-2004-0873
Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program...
CVE-2004-0873
Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program...