Lucene search
+L

3063 matches found

Prion
Prion
added 2011/11/15 6:55 p.m.31 views

Design/Logic Flaw

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Appl...

7.6CVSS6.5AI score0.03537EPSS
Exploits12References2Affected Software1
Prion
Prion
added 2011/11/15 6:55 p.m.26 views

Design/Logic Flaw

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script...

7.6CVSS8.7AI score0.03537EPSS
Exploits12References2Affected Software1
Cvelist
Cvelist
added 2011/11/15 6:0 p.m.40 views

CVE-2008-7303

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script...

8.8AI score0.03537EPSS
Exploits1References2
CVE
CVE
added 2011/11/15 6:0 p.m.58 views

CVE-2011-1516

Technical details about CVE-2011-1516 are not publicly available in the provided connected documents. The supplied materials discuss related SAP NetWeaver vulnerabilities and do not furnish Apple Mac OS X sandbox profile specifics, impacts, or fixes.

7.6CVSS8.5AI score0.03533EPSS
Exploits11References2Affected Software1
Cvelist
Cvelist
added 2011/11/15 6:0 p.m.37 views

CVE-2011-1516

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Appl...

8.8AI score0.03533EPSS
Exploits11References2
Packet Storm
Packet Storm
added 2011/11/11 12:0 a.m.66 views

Apple OS X Sandbox Predefined Profiles Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL:...

7.6CVSS0.03533EPSS
Exploits11
seebug.org
seebug.org
added 2011/11/11 12:0 a.m.61 views

Apple OS X Sandbox Predefined Profiles Bypass

No description provided by source. Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL: http://www.coresecurity.com/content/apple-osx-sandbox-bypass Date published: 2011-11-10 Date of...

7.6CVSS9.5AI score0.03533EPSS
Exploits11
ThreatPost
ThreatPost
added 2011/11/10 3:20 p.m.9 views

Facebook And Twitter Erode Your Company's Security From Within. Here's How To Stop It.

The “up side” of social networks like Facebook, Twitter and G+ are well known. But the down side of these networks for both users and for organizations that employ them are only now becoming clear. Worms, malware and spam are just the beginning of the security problems engendered by the social ne...

6.9AI score
Exploits0References3
Packet Storm
Packet Storm
added 2011/11/02 12:0 a.m.26 views

Prosieben Community Code Injection

Title: ====== Prosieben Community Website - Persistent Script Code Inject Date: ===== 2011-10-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=306 VL-ID: ===== 306 Abstract: ========= The Vulnerability Lab Research Team discovered a persistent script code injection...

0.1AI score
Exploits0
Metasploit
Metasploit
added 2011/11/01 9:50 p.m.57 views

Windows Gather Credentials IMVU Game Client

This module extracts account username & password from the IMVU game client and stores it as loot. -- coding: binary -- This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Credentials...

0.7AI score
Exploits0
Cvelist
Cvelist
added 2011/10/14 10:0 a.m.30 views

CVE-2011-3430

The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display...

5.7AI score0.01754EPSS
Exploits0References4
seebug.org
seebug.org
added 2011/08/29 12:0 a.m.18 views

WordPress Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Profiles plugin = 2.0 RC1 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/profiles.2.0.RC1.zip Version: 2.0 RC1 tested Note:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/08/28 12:0 a.m.9 views

WordPress Plugin Profiles 2.0 RC1 - SQL Injection

WordPress Plugin Profiles 2.0 RC1 - SQL Injection Exploit Title: WordPress Profiles plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $query = "SELECT FROM ".$wpdb-prefix."bios WHERE id='$GETid'"; ... $result = mysqlquery$query;...

0.6AI score
Exploits0
Patchstack
Patchstack
added 2011/08/28 12:0 a.m.8 views

WordPress Profiles Plugin <= 2.0 RC1 - SQL Injection

WordPress Profiles plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...

3.4AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2011/08/28 12:0 a.m.25 views

WordPress Profiles 2.0 RC1 SQL Injection

Exploit Title: WordPress Profiles plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $query = "SELECT FROM ".$wpdb-prefix."bios WHERE id='$GETid'"; ... $result = mysqlquery$query;...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/08/28 12:0 a.m.33 views

WordPress Plugin Profiles 2.0 RC1 - SQL Injection

Exploit Title: WordPress Profiles plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $query = "SELECT FROM ".$wpdb-prefix."bios WHERE id='$GETid'"; ... $result = mysqlquery$query;...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2011/08/10 5:48 p.m.39 views

Windows Gather SmartFTP Saved Password Extraction

This module finds saved login credentials for the SmartFTP FTP client for windows. It finds the saved passwords and decrypts them. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class...

10AI score
Exploits0
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.44 views

CentOS Update for ghostscript CESA-2009:0420 centos4 i386

Check for the Version of ghostscript OpenVAS Vulnerability Test CentOS Update for ghostscript CESA-2009:0420 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

9.3CVSS7.9AI score0.0484EPSS
Exploits2References2
ThreatPost
ThreatPost
added 2011/08/05 3:52 p.m.12 views

How Facebook and Facial Recognition Are Creating a Minority Report-Style Privacy Meltdown

Researchers at the annual Black Hat Briefings in Las Vegas have demonstrated how cloud computing, facial recognition technology, Facebook, a freely available personal information can be used to match faces in a crowd to detailed online profiles. The demonstration brings us closer to the brink of ...

6.7AI score
Exploits0References2
Metasploit
Metasploit
added 2011/07/28 10:39 p.m.38 views

Multi Gather FileZilla FTP Client Credential Collection

This module will collect credentials from the FileZilla FTP client if it is installed. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Multi Gather FileZilla FTP Client...

7.1AI score
Exploits0
Rows per page
Query Builder