7 matches found
Apple Mac OS X UserNotificationCenter privilege escalation vulnerability
Overview Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Description The Apple UserNotificationCenter contains a privilege escalation vulnerability. This vulnerability occurs because the Apple UserNotificationCenter runs with elevate...
Cross site request forgery (csrf)
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa...
CVE-2007-0023
CVE-2007-0023 affects Apple Mac OS X 10.4.8: the CFUserNotificationSendRequest function in UserNotificationCenter may be exploited when used with diskutil to run a malicious InputManager in a user’s Library/InputManagers, leading to local privilege escalation as Cocoa applications notify users. T...
MOAB-22-01-2007: Apple UserNotificationCenter Privilege Escalation Vulnerability
Summary The following description about CFUserNotification is available from Apple's Mac OS X Core Foundation reference: A CFUserNotification object presents a simple dialog on the screen and optionally receives feedback from the user. The contents of the dialog can include a header, a message, a...
Apple Mac OS X UserNotificationCenter privilege escalation
Application doesn't droup wheel group privileges...
Mac OS X 10.4.8 (UserNotificationCenter) Privilege Escalation Exploit
Exploit for macOS platform in category local exploits ===================================================================== Mac OS X 10.4.8 UserNotificationCenter Privilege Escalation Exploit ===================================================================== !/usr/bin/ruby Copyright c 2007 Kev...
Apple Mac OSX 10.4.8 - 'UserNotificationCenter' Local Privilege Escalation
!/usr/bin/ruby Copyright c 2007 Kevin Finisterre Lance M. Havok All pwnage reserved. "Exploit" for MOAB-22-01-2007: All your crash are belong to us. require 'fileutils' bugselected = ARGV0 || 0.toi INPUTMANAGERURL = "http://projects.info-pull.com/moab/bug-files/MOAB-22-01-2007im.tar.gz" keeping a...