3063 matches found
Design/Logic Flaw
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Appl...
Design/Logic Flaw
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script...
CVE-2008-7303
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script...
CVE-2011-1516
Technical details about CVE-2011-1516 are not publicly available in the provided connected documents. The supplied materials discuss related SAP NetWeaver vulnerabilities and do not furnish Apple Mac OS X sandbox profile specifics, impacts, or fixes.
CVE-2011-1516
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Appl...
Apple OS X Sandbox Predefined Profiles Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL:...
Apple OS X Sandbox Predefined Profiles Bypass
No description provided by source. Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL: http://www.coresecurity.com/content/apple-osx-sandbox-bypass Date published: 2011-11-10 Date of...
Facebook And Twitter Erode Your Company's Security From Within. Here's How To Stop It.
The “up side” of social networks like Facebook, Twitter and G+ are well known. But the down side of these networks for both users and for organizations that employ them are only now becoming clear. Worms, malware and spam are just the beginning of the security problems engendered by the social ne...
Prosieben Community Code Injection
Title: ====== Prosieben Community Website - Persistent Script Code Inject Date: ===== 2011-10-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=306 VL-ID: ===== 306 Abstract: ========= The Vulnerability Lab Research Team discovered a persistent script code injection...
Windows Gather Credentials IMVU Game Client
This module extracts account username & password from the IMVU game client and stores it as loot. -- coding: binary -- This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Credentials...
CVE-2011-3430
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display...
WordPress Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Profiles plugin = 2.0 RC1 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/profiles.2.0.RC1.zip Version: 2.0 RC1 tested Note:...
WordPress Plugin Profiles 2.0 RC1 - SQL Injection
WordPress Plugin Profiles 2.0 RC1 - SQL Injection Exploit Title: WordPress Profiles plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $query = "SELECT FROM ".$wpdb-prefix."bios WHERE id='$GETid'"; ... $result = mysqlquery$query;...
WordPress Profiles Plugin <= 2.0 RC1 - SQL Injection
WordPress Profiles plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress Profiles 2.0 RC1 SQL Injection
Exploit Title: WordPress Profiles plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $query = "SELECT FROM ".$wpdb-prefix."bios WHERE id='$GETid'"; ... $result = mysqlquery$query;...
WordPress Plugin Profiles 2.0 RC1 - SQL Injection
Exploit Title: WordPress Profiles plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $query = "SELECT FROM ".$wpdb-prefix."bios WHERE id='$GETid'"; ... $result = mysqlquery$query;...
Windows Gather SmartFTP Saved Password Extraction
This module finds saved login credentials for the SmartFTP FTP client for windows. It finds the saved passwords and decrypts them. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class...
CentOS Update for ghostscript CESA-2009:0420 centos4 i386
Check for the Version of ghostscript OpenVAS Vulnerability Test CentOS Update for ghostscript CESA-2009:0420 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
How Facebook and Facial Recognition Are Creating a Minority Report-Style Privacy Meltdown
Researchers at the annual Black Hat Briefings in Las Vegas have demonstrated how cloud computing, facial recognition technology, Facebook, a freely available personal information can be used to match faces in a crowd to detailed online profiles. The demonstration brings us closer to the brink of ...
Multi Gather FileZilla FTP Client Credential Collection
This module will collect credentials from the FileZilla FTP client if it is installed. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Multi Gather FileZilla FTP Client...