229 matches found
Adobe IndesignServer 5.5 - SOAP Server Arbitrary Script Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Adobe...
Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution
This module abuses the "RunScript" procedure provided by the SOAP interface of Adobe InDesign Server, to execute arbitrary VBScript (Windows) or AppleScript (OSX). The exploit drops the payload on the server and must be removed manually. This module requires Metasploit: https://metasploit.com/downloa...
Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
This host is missing an important security update according to Mac OS X 10.6.6 Update/Mac OS X Security Update 2011-001. OpenVAS Vulnerability Test $Id: secpodmacosxsu11-001.nasl 7015 2017-08-28 11:51:24Z teissa $ Mac OS X v10.6.6 Multiple Vulnerabilities 2011-001 Authors: Antu Sanadi Copyright:...
CVE-2011-0173
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an...
CVE-2011-0173
CVE-2011-0173 describes multiple format-string vulnerabilities in AppleScript and AppleScript Studio dialogs (display dialog/display alert) on Mac OS X prior to 10.6.7. The issues can allow a context-dependent attacker to cause arbitrary code execution or a denial of service (application crash...
CVE-2011-0173
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an...
Apple Mac OS X multiple security vulnerabilities
Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation...
About the security content of Mac OS X v10.6.7 and Security Update 2011-001
About the security content of Mac OS X v10.6.7 and Security Update 2011-001 Last Modified: March 21, 2011 Article: HT4581 Summary This document describes the security content of Mac OS X v10.6.7 and Security Update 2011-001, which can be downloaded and installed...
Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerbero...
Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities
Hardcoded credentials
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...
CVE-2009-0942
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...
Design/Logic Flaw
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...
CVE-2009-0943
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...
CVE-2009-0942
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...
CVE-2009-0943
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...
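Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability
BUGTRAQ ID: 29831 Mac OS X is the operating system used by Apple's family of machines. A local attacker can invoke Mac OS X's ARDAgent through AppleScript (for example, osascript). ARDAgent is owned by root and has the setuid bit set, so an attacker can exploit this vulnerability to execute arbitrary shell commands with root privileges. This vulnerability is currently being actively exploited by a trojan named AppleScript.THT. Once a user is tricked into installing a malicious file carrying the trojan, the trojan enables file sharing, web sharing and remote login. The trojan's default file name is AStht06.app and its install location is /Library/Caches. Apple Mac OS X 10.5...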
Hardcoded credentials
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topiclist URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link...
CVE-2008-0060
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topiclist URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link...
CVE-2008-0060
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topiclist URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link...