Honggfuzz CLI Fuzzer 0.1
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
Ostinato Traffic Generator 0.3 Mac OS X
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
Aanval Intrusion Detection Tool 6
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
Zero Day Initiative Advisory 10-262
Zero Day Initiative Advisory 10-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses directBitsRect records within a .pict file. When decompressing data within this structure, the application will allocate space for the target buffer using fields described within the file and then use a different length to decompress the total data from the file. This can lead to code execution under the context of the application.
Zero Day Initiative Advisory 10-261
Zero Day Initiative Advisory 10-261 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of a custom compression algorithm. The application will trust a field within a DirectBitsRect structure which is used for an allocation, and later attempt to decompress data into this buffer. Due to the value for the allocation being different from the length of the data being decompressed a buffer overflow will occur which can lead to code execution with the privileges of the application.
Zero Day Initiative Advisory 10-260
Zero Day Initiative Advisory 10-260 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file. The specific flaw exists within Apple's support for Panoramic Images and occurs due to the application trusting a particular field for calculation of an offset. Due to the field being treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. Upon usage of this out-of-bounds pointer, the application will write proceed to write image data to the invalid location. Successful exploitation can lead to code execution under the context of the application.
Zero Day Initiative Advisory 10-259
Zero Day Initiative Advisory 10-259 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required in that a user must be coerced into opening up a malicious document or visiting a malicious website. The specific flaw exists within the way the application parses a particular property out of a flashpix file. The application will explicitly trust a field in the property as a length for a loop over an array of data structures. If this field's value is larger than the number of objects, the application will utilize objects outside of this array. Successful exploitation can lead to code execution under the context of the application.
iDEFENSE Security Advisory 2010-12-07.1
iDefense Security Advisory 12.07.10 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way specially crafted PICT image files are handled by the QuickTime PictureViewer. When processing specially crafted PICT image files, Quicktime PictureViewer uses a set value from the file to control the length of a byte swap operation. The byte swap operation is used to convert big endian data to little endian data. QuickTime fails to validate the length value properly before using it. When a length value is larger than the actual buffer size supplied, it will corrupt heap memory beyond the allocated buffer, which could lead to an exploitable condition. QuickTime Player versions prior to 7.6.9 are vulnerable.
Zed Attack Proxy (ZAP) 1.1.0
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
iFTPStorage 1.3 Directory Traversal
iFTPStorage versions 1.3 and below for iPhone / iPod Touch suffers from a directory traversal vulnerability.