Apple macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=977 syslogd running as root hosts the com.apple.system.logger mach service. It's part of the system.sb sandbox profile and so reachable from a lot of sandboxed contexts. Here's a snippet from its mach message handling loop...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

Directory traversal

Multiple directory traversal vulnerabilities in Project-Based Calendaring System PBCS 0.7.1-1 allow remote attackers to read arbitrary files via a .. dot dot in the filename parameter to 1 src/yopysync.php and 2 system-logger/printlogs.php...

pbcs-multi.txt

Project Based Calendaring System PBCS Version 0.7.1 Multiple Vulnerabilities Script: http://www.pbcs.org/pbcsdownload.php Poc : Hi str0ke Thanx To Posted but I Want Add Some Vulns In This Script 1- remote file upload http://localhost/pbcs-0.7.1-1/src/yopyupload.php after upload you can get you fi...