Advisories
50. DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS'
49. DMA[2007-0107a] - 'OmniWeb Javascript Alert Format String Vulnerability'
48. DMA[2007-0104a] - 'iLife iPhoto Photocasting Format String Vulnerability'
47. DMA[2007-0102a] - 'VLC Media Player Format String Vulnerability'
46. QuickTimeSlayer-NX-bypass.pl - 'Proof of Concept exploit for CVE-2007-0015'
45. DMA[2006-1115a] - 'Kerio WebSTAR local privilege escalation'
kerio_WebSTAR_pwn.pl - 'Kerio WebSTAR local root exploit'
44. Macrocosm.tar.gz - 'Macrocosm (detected as OSX.PopUp.gen) brings the Windows web browsing
experience to the Apple Macintosh platform. Just drop this in ~/Library/InputManagers via the
latest Safari sploit. This is the code that the media has dubbed as "iAdware" and "Cosmac" '
43. DMA[2006-1107a] - 'OpenBase SQL multiple vulnerabilities Part Deux'
openexec_duh.pl - 'Xcode WebObjects / OpenBase system() root exploit Part Deux'
openexec_createfile.pl - 'Xcode WebObjects / OpenBase rw-rw-rw symlink root exploit Part Deux'
42. DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'
pwntego.tar.gz - 'pwntego definitions bypass script'
41. hack.lu - 'Bluetooth Hacking revisited (Mac Demo Code)'
WHATSTHIS.txt - 'you betta axe some body!'
GenerationTwo-10.3-final.tar.gz - 'InqTana GenerationTwo Autorooter for 10.3'
GenerationTwo-10.4-final.tar.gz - 'InqTana GenerationTwo Autorooter for 10.4'
code is demonstrated in http://books.mcgraw-hill.com/getbook.php?isbn=0072262583
40. DMA[2006-1016a] - 'Apple Xcode WebObjects / OpenBase SQL multiple vulnerabilities'
Xcode_OpenBase_pwn.pl - 'Xcode WebObjects / OpenBase system() root exploit '
Xcode_OpenBase_createfile.pl - 'Xcode WebObjects / OpenBase rw-rw-rw symlink root exploit '
39. excploit-skiddie.patch - '10.3.x patch for excploit.c found at http://blogs.23.nu/ilja/'
38. authopen-CF_CHARSET.pl - 'retro Apple OSX CF_CHARSET_PATH exploit '
37. DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'
getpwnedmail-ppc.pl - '/usr/bin/fetchmail stack overwrite (ppc)'
getpwnedmail-x86.pl - '/usr/bin/fetchmail stack overwrite (x86 + NX) '
gotpwnedagainmail.sh - 'Previously undisclosed issue with usage system() '
36. ZDI-06-023, ZDI-06-024 - 'eIQnetworks ESA multiple vulnerabilities'
eiQ_multi.pl - 'Exploit for Astaro, Fortinet, Sidewinder G2 and eiQ ESA Software'
eiQ_syslog.pl - 'Exploit for Sidewinder G2 / eiQ ESA syslog server'
35. DMA[2006-0628a] - 'Apple OSX launchd unformatted syslog() vulnerability'
FailureToLaunch.pl - '/sbin/launchd dyld_stub overwrite (x86 + NX)'
FailureToLaunch-ppc.pl - '/sbin/launchd saved ret overwrite (ppc) '
34. NonExecutableLovin.txt - 'Non eXecutable Stack Lovin on OSX86'
dyld_stub_overwrites.tar.gz - 'dyld_stub___cxa_finalize() overwrite example'
33. DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop'
32. DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'
31. DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow'
SuperTastey.pl - 'Super Tastey RFC1740 Poc for Mail.app'
30. InqTanaThroughTheEyes.txt - 'InqTana Through the eyes of Dr. Frankenstein'
InqTana-ABC.tgz - 'Code that was sent to A/V companies'
29. DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow'
28. DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal'
27. DMA[2005-1214a] - 'Widcomm BTW - Bluetooth for Windows Remote Audio Eavesdropping'
26. BluePIMped.txt - 'have you ever been BluePIMped? - Exploiting The Widcomm BTStackServer '
BluePIMped.diff - 'ussp-push-0.4 patch - exploit for Widcomm BTStackServer'
25. DMA[2005-1202a] - 'sobexsrv - Scripting/Secure OBEX Server format string vulnerability'
DMA[2005-1112a-ex] - 'sobexsrv.pl - exploit for trifinite.group sobexsrv'
24. DMA[2005-1112a] - 'Veritas Storage Foundation VCSI18N_LANG buffer overflow'
DMA[2005-1112a-ex] - 'SF_multi.pl - exploit for Veritas Storage Foundation'
23. DMA[2005-1104a] - 'GpsDrive friendsd2 format string vulnerability'
DMA[2005-1104a-ex] - 'gpsdrive-ex-long-ppc.pl - exploit for friendsd2 ppc'
DMA[2005-1104a-ex2] - 'gpsdrive-ex-short-x86.pl - exploit for friendsd2 x86'
22. VERITAS-Linux.pl.gpg - 'Veritas NetBackup <= 6.0 (bpjava-msvc) Remote Exploit (linux)'
pass: allaroundthemulberrybush
21. VERITAS-OSX.pl.gpg - 'Veritas NetBackup <= 6.0 (bpjava-msvc) Remote Exploit (OSX)'
pass: themonkeychasedtheweasel
20. VERITAS-WIN32.pl.gpg - 'Veritas NetBackup <= 6.0 (bpjava-msvc) Remote Exploit (WIN32)'
pass: apennyforaneedle
19. DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()'
18. DMA[2005-0818a] - 'Apple OSX dsidentity privilege abuse'
17. DMA[2005-0712b] - 'Nokia Affix Bluetooth btsrv/btobex poor use of system()'
16. DMA[2005-0712a] - 'Nokia Affix Bluetooth btftp client buffer overflow'
DMA[2005-0712a-ex] - 'btftp-ex.c - remote exploit for btftp'
15. Schily-Root.tar - 'Exploit for Schillix OpenSolaris ld.so found by venglin'
14. DMA[2005-0614a] - 'Global Hauri ViRobot Server cookie overflow'
DMA[2005-0614a-ex] - 'virobot_ex.pl - remote exploit for Virobot server'
13. Bluetooth_dot_dot.txt - Update on dot dot attacks against Bluetooth devices
12. DMA[2005-0502a] - 'Apple OSX multiple Bluetooth vulnerabilities'
11. DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite'
DMA[2005-0501a-ex] - 'ex_ceterm.c - exploit for ARPUS/ce logging'
DMA[2005-0501a-ex2] - 'ce_ex.pl - exploit for ARPUS/ce overflow'
DMA[2005-0501a-ex3] - 'ce_ex2.pl - exploit for ARPUS/ce overflow #2'
10. DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities'
DMA[2005-0425a-ex] - 'ex_arcgis.c - exploit for ArcGIS 9.x on Solaris 10'
9. DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow'
8. DMA[2005-0412a] - 'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal'
DMA[2005-0412a-ex] - 'obextool.patch2 - exploit for Widcomm Bluetooth Package'
7. DMA[2005-0401a] - 'IVT BlueSoleil Directory Transversal'
DMA[2005-0401a-ex] - 'obextool.patch - exploit for BlueSoleil Bluetooth Package'
6. DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow'
DMA[2005-0310a-ex] - 'luxman_ex2.pl - exploit for LuxMan overflow'
5. DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow'
DMA[2005-0131b-ex] - 'ex_perl2b.c - exploit for PERLIO_DEBUG overflow'
4. DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation'
DMA[2005-0131a-ex] - 'ex_perl.c - exploit for PERLIO_DEBUG file creation'
3. DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'
DMA[2005-0127a-ex] - 'apple_peeler.sh - exploit for OSX at family'
2. DMA[2005-0125a] - 'Berlios gpsd format string vulnerability'
DMA[2005-0125a-ex] - 'ex_gpsd.c - exploit for berlios gpsd'
1. DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability'
DMA[2005-0103a-ex] - 'top_ex.pl - exploit for William LeFebvre "top"'
This site is maintained by kf_lists[at]digitalmunition[dot]com
Site graphics by core