Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DateAuthorTitle

MAC OSX POC CVE20090689 EXPLOIT

2010-01-12Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability

MAC

2015-02-19/a>Daniel WesemannMacros? Really?!
2014-01-24/a>Chris MohanSecurity Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2013-12-17/a>Adrien de BeaupreApple security updates Mac OS X and Safari
2013-10-22/a>Richard PorterGreenbone and OpenVAS Scanner
2013-10-02/a>John BambenekObamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10/a>Swa FrantzenMacs need to patch too!
2013-08-09/a>Kevin ShorttCopy Machines - Changing Scanned Content
2013-03-02/a>Scott FendleyApple Blocks Older Insecure Versions of Flash Player
2012-07-05/a>Adrien de BeaupreNew OS X trojan backdoor MaControl variant reported
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-12/a>Guy BruneauApple Java Updates for Mac OS X
2012-02-24/a>Guy BruneauFlashback Trojan in the Wild
2012-02-04/a>Scott FendleyApple Security Advisory 2012-001 v1.1
2011-08-05/a>donald smithNew Mac Trojan: BASH/QHost.WB
2011-06-23/a>Jim ClausingApple Security Updates 2011-004
2011-06-15/a>Pedro BuenoHit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-26/a>Swa FrantzenMacDefender ups the ante with removing the password need for installation
2011-05-06/a>Richard PorterUnpatched Exploit: Skype for MAC
2010-11-16/a>Guy BruneauMac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-06-17/a>Deborah HaleDigital Copy Machines - Security Risk?
2010-06-15/a>Manuel Humberto Santander PelaezApple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-03-29/a>Adrien de BeaupreAPPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-02-05/a>Jim ClausingMemory Analysis - time to move beyond XP
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-09/a>Guy BruneauApple Security Update 2009-006 for Mac OS X v10.6.2
2009-01-24/a>Pedro BuenoIdentifying and Removing the iWork09 Trojan
2008-07-17/a>Mari NicholsFirefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-04-30/a>Bojan Zdrnja(Minor) evolution in Mac DNS changer malware
2008-04-02/a>Adrien de BeaupreWhen is a DMG file not a DMG file
2006-12-12/a>Swa FrantzenMicrosoft Office 2004 - Mac OS X updated
2006-11-29/a>Toby KohlenbergNew Vulnerability Announcement and patches from Apple

OSX

2014-07-11/a>Rob VandenBrinkApple pushes OS X update to block out of date Flash versions - http://support.apple.com/kb/HT5655
2014-02-25/a>Alex StanfordApple releases OS X 10.9.2 patching SSL vulnerability and updates Safari
2013-09-13/a>Rob VandenBrinkOS X v10.8.5 update - details here: http://support.apple.com/kb/HT5880
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2010-06-02/a>Rob VandenBrinkNew Mac malware - OSX/Onionspy
2010-02-05/a>Jim ClausingMemory Analysis - time to move beyond XP
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-09-12/a>Jim ClausingApple Updates
2009-01-24/a>Pedro BuenoIdentifying and Removing the iWork09 Trojan
2008-11-25/a>Andre LudwigOS X Dns Changers part three
2007-01-03/a>Toby KohlenbergVLC Media Player udp URL handler Format String Vulnerability
2006-11-29/a>Toby KohlenbergNew Vulnerability Announcement and patches from Apple
2006-09-21/a>Johannes UllrichApple updates Airport Drivers

POC

2010-07-04/a>Manuel Humberto Santander PelaezInteresting analysis of the PHP SplObjectStorage Vulnerability
2010-06-09/a>Deborah HaleAdobe POC in the Wild
2010-05-23/a>Manuel Humberto Santander PelaezOracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability

CVE20090689

2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability

EXPLOIT

2015-02-04/a>Alex StanfordExploit Kit Evolution - Neutrino
2014-08-16/a>Lenny ZeltserWeb Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-07-22/a>Daniel WesemannIvan's Order of Magnitude
2014-02-28/a>Daniel WesemannFiesta!
2014-02-13/a>Johannes UllrichLinksys Worm ("TheMoon") Captured
2014-02-12/a>Johannes UllrichSuspected Mass Exploit Against Linksys E1000 / E1200 Routers
2013-10-01/a>John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20/a>Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-05-22/a>Adrien de BeauprePrivilege escalation, why should I care?
2013-02-21/a>Pedro BuenoNBC site redirecting to Exploit kit
2013-02-17/a>Guy BruneauAdobe Acrobat and Reader Security Update Planned this Week
2013-02-13/a>Swa FrantzenMore adobe reader and acrobat (PDF) trouble
2013-01-05/a>Guy BruneauAdobe ColdFusion Security Advisory
2013-01-04/a>Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2012-12-10/a>Johannes UllrichYour CPA License has not been revoked
2012-12-02/a>Guy BruneauZero Day MySQL Buffer Overflow
2012-08-05/a>Daniel WesemannPhishing for Payroll with unpatched Java
2012-07-19/a>Mark BaggettA Heap of Overflows?
2012-06-18/a>Guy BruneauCVE-2012-1875 exploit is now available
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-26/a>Richard PorterPacketstorm Security and Metasploit have Exploit code for MS12-027
2012-03-11/a>Johannes UllrichAn Analysis of Jester's QR Code Attack. (Guest Diary)
2011-12-08/a>Adrien de BeaupreNewest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
2011-12-06/a>Pedro BuenoThe RedRet connection...
2011-11-22/a>Pedro BuenoUpdates on ZeroAccess and BlackHole front...
2011-10-13/a>Johannes UllrichCritical OS X Vulnerability Patched
2011-05-06/a>Richard PorterUpdated Exploit Index for Microsoft
2011-03-29/a>Daniel WesemannMalware emails with fake cellphone invoice
2011-03-15/a>Lenny ZeltserLimiting Exploit Capabilities by Using Windows Integrity Levels
2011-03-09/a>Kevin ShorttAVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-02-16/a>Jason LamWindows 0-day SMB mrxsmb.dll vulnerability
2010-12-27/a>Johannes UllrichVarious sites "Owned and Exposed"
2010-12-13/a>Deborah HaleThe Week to Top All Weeks
2010-12-02/a>Kevin JohnsonProFTPD distribution servers compromised
2010-11-01/a>Manuel Humberto Santander PelaezCVE-2010-3654 exploit in the wild
2010-09-26/a>Daniel WesemannPDF analysis paper
2010-09-14/a>Adrien de BeaupreAdobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
2010-09-13/a>Manuel Humberto Santander Pelaez Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2010-09-13/a>Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-02/a>Daniel WesemannSDF, please!
2010-08-22/a>Manuel Humberto Santander PelaezAnatomy of a PDF exploit
2010-06-15/a>Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-06/a>Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-05-23/a>Manuel Humberto Santander PelaezOracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-04-10/a>Andre LudwigNew bug/exploit for javaws
2010-02-08/a>Adrien de BeaupreWhen is a 0day not a 0day? Fake OpenSSh exploit, again.
2010-01-24/a>Pedro BuenoOutdated client applications
2010-01-19/a>Johannes UllrichUnpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-05/a>Guy BruneauJava JRE Buffer and Integer Overflow
2009-11-16/a>G. N. WhiteReports of a successful exploit of the SSL Renegotiation Vulnerability?
2009-11-14/a>Adrien de BeaupreMicrosoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>Rob VandenBrinkWindows 7 / Windows Server 2008 Remote SMB Exploit
2009-10-21/a>Pedro BuenoWordPress Hardening
2009-09-16/a>Bojan ZdrnjaSMB2 remote exploit released
2009-08-31/a>Pedro BuenoMicrosoft IIS 5/6 FTP 0Day released
2009-08-18/a>Bojan ZdrnjaMS09-039 exploit in the wild?
2009-07-16/a>Bojan ZdrnjaOWC exploits used in SQL injection attacks
2009-07-15/a>Bojan ZdrnjaMake sure you update that Java
2009-07-13/a>Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10/a>Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-07-09/a>Bojan ZdrnjaOpenSSH 0day FUD
2009-06-12/a>Adrien de BeaupreGreen Dam
2009-06-08/a>Chris CarboniKloxo (formerly Lxadmin) Vulnerability Exploited
2009-05-06/a>Tom ListonFollow The Bouncing Malware: Gone With the WINS
2009-04-24/a>Pedro BuenoDid you check your conference goodies?
2009-04-14/a>Swa FrantzenVMware exploits - just how bad is it ?
2009-03-19/a>Mark HofmanBrowsers Tumble at CanSecWest
2009-03-18/a>Adrien de BeaupreAdobe Security Bulletin Adobe Reader and Acrobat
2009-02-25/a>Andre LudwigAdobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25/a>Andre LudwigPreview/Iphone/Linux pdf issues
2008-08-26/a>John BambenekActive attacks using stolen SSH keys (UPDATED)
2008-05-07/a>Jim ClausingMore on automated exploit generation
2008-05-05/a>John BambenekDefenses Against Automated Patch-Based Exploit Generation
2008-04-24/a>Maarten Van HorenbeeckTargeted attacks using malicious PDF files
2008-04-18/a>John BambenekThe Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-04-10/a>Deborah HaleSymantec Threatcon Level 2
2006-11-20/a>Joel EslerMS06-070 Remote Exploit