Remote for Mac 2025.6 Unauthenticated UDP Keyboard RCE

This module exploits an unauthenticated remote code execution vulnerability in Remote for Mac 2025.6. When the "Allow unknown devices" setting is enabled, it is possible to simulate keyboard input via UDP packets without authentication. By sending a sequence of key presses, an attacker can open t...

📄 FullControl: Remote for Mac 4.0.5 Remote Command Execution

FullControl Remote for Mac version 4.0.5 is vulnerable to unauthenticated remote command execution vulnerability via TCP port 2846. Attackers on the same network can send crafted packets to simulate keyboard input, allowing command execution without user interaction or authentication. Exploit...

📄 FullControl: Remote for Mac 4.0.5 Remote Code Execution

FullControl: Remote for Mac version 4.0.5 for macOS is vulnerable to unauthenticated remote code execution via TCP port 2846. An attacker on the same network can inject simulated keyboard input, allowing arbitrary command execution without user interaction or authentication. Exploit Title:...

Mozilla Firefox < 123.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 123.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-05 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior...

iPhoto < 7.1.2 Format String Vulnerability

The remote host is running a version of iPhoto 7.1 older than version 7.1.2. Such versions are reportedly affected by a format string vulnerability. If an attacker can trick a user on the affected host into subscribing to a specially crafted photocast, these issues could be leveraged to execute...