27 matches found
ClickFix finds a new way to infect Macs
ClickFix campaigns are looking for alternatives now that many Mac users have been made aware of the dangers of pasting certain commands into Terminal. Researchers found that ClickFix has kept the same social engineering playbook but completely sidestepped Terminal by using the applescript:// URL...
EUVD-2008-4197
Malware in sbrugna...
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)
Exploit Title: Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 - Remote Code Execution RCE Exploit Author: LiquidWorm !/usr/bin/env python3 -- coding: utf-8 -- Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 Remote Root Exploit Vendor: Schneider Electric SE Product web...
Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam
Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensat...
Shopify: Script Editor preview token still working with uninstalled application, even for unpublished script
Within the Script Editor application, it is possible to preview a script on the storefront and proceed to purchase. Once the user clicks on the preview link, it opens https://shop.myshopify.com/admin/scripts/preview?scriptid=scriptid which then generates a preview token to be used by the storefront...
CVE-2019-13597
s/sprm/s/dyn/PlayersetScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the execute function...
CVE-2015-8258
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."...
Design/Logic Flaw
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."...
AXIS Communications - Cross-Site Scripting Content Injection
AXIS Communications - Cross-Site Scripting Content Injection 0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs -...
AXIS Communications XSS / Content Inclusion
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
Mac OS X 10.9.5 or later < 10.11.1 Multiple Vulnerabilities
Binary data 9324.prm...
Apple OS X Script Editor Restriction Bypass Vulnerability
No description provided by source...
Safari Script Editor AppleScript execution
Added: 11/02/2015 CVE: CVE-2015-7007 BID: 77266 Background Safari is a web browser for Mac OS X and Windows. Problem A vulnerability in the OS X Script Editor allows a malicious web page to execute arbitrary AppleScript code without user confirmation by enticing a user to type Control-R in Safari...
Apple OS X Script Editor Restriction Bypass Vulnerability
OS X (formerly Mac OS X) is the latest version of Apple's proprietary operating system for the Macintosh computer. iOS is an operating system developed by Apple for mobile devices. A security vulnerability exists in Script Editor in Apple OS X versions prior to 10.11.1. A remote attacker could...
CVE-2015-7007
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors...
Design/Logic Flaw
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors...
CVE-2015-7007
CVE-2015-7007 affects Apple OS X Script Editor prior to 10.11.1. The vulnerability allows remote attackers to bypass the intended user confirmation for AppleScript execution via unspecified vectors, enabling arbitrary AppleScript execution without user approval. Impact, per sources, is partial co...