Subscribe via feed.
Archive for September, 2015

[webapps] – SMF (Simple Machine Forum) <= 2.0.10 – Remote Memory Exfiltration Exploit

Posted by deepcore under Security (No Respond)

SMF (Simple Machine Forum) <= 2.0.10 – Remote Memory Exfiltration Exploit

Tags: ,

OS X Regex Engine Bad Alloca

Posted by deepcore under Apple (No Respond)

The OS X regex engine (TRE) uses the alloca function in a few places, sometimes where an attacker can partially control the size.

Tags: , ,

Apple Security Advisory 2015-09-21-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2015-09-21-1 – watchOS 2 is now available and addresses unexpected application termination and interception issues.

Tags: , ,

OS X Regex Engine Stack Buffer Overflow

Posted by deepcore under Apple (No Respond)

OS X Regex Engine (TRE) suffers from a stack buffer overflow vulnerability.

Tags: , ,

OS X Regex Engine Integer Signedness / Overflow

Posted by deepcore under Apple (No Respond)

OS X Regex Engine (TRE) suffers from integer signedness and overflow issues.

Tags: , ,

[local] – Cisco AnyConnect 3.1.08009 – Privilege Escalation via DMG Install Script

Posted by deepcore under Security (No Respond)

Cisco AnyConnect 3.1.08009 – Privilege Escalation via DMG Install Script

Tags: ,

[remote] – w3tw0rk / Pitbul IRC Bot Remote Code Execution

Posted by deepcore under Security (No Respond)

w3tw0rk / Pitbul IRC Bot Remote Code Execution

Tags: ,

[webapps] – refbase <= 0.9.6 – Multiple Vulnerabilities

Posted by deepcore under Security (No Respond)

refbase <= 0.9.6 – Multiple Vulnerabilities

Tags: ,

[papers] – Content-Based Blind Injection Using By Double Substring

Posted by deepcore under Security (No Respond)

Content-Based Blind Injection Using By Double Substring

Tags: ,

UDID v1.0 iOS – Persistent Mail Encode Vulnerability

Posted by deepcore under exploit (No Respond)

The Vulnerability Laboratory Research Team discovered application-side validation vulnerability in the official UDID v1.0 iOS mobile web-application.