Personal Address Book 2.0 File Upload
Personal Address Book version 2.0 for iOS suffers from an unauthenticated file upload vulnerability.
[webapps] – Synology DiskStation Manager (DSM) 4.3-3776 – Multiple Vulnerabilities
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
Zed Attack Proxy 2.2.1 Mac OS X Release
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Lua-Programming Language 1.6 File Upload
Lua-Programming Language version 1.6 for iOS suffers from a remote file upload vulnerability.
Apple Security Advisory 2013-09-06-1
Apple Security Advisory 2013-09-06-1 - AirPort Base Station Firmware Update 7.6.4 is now available and addresses a security issue. An associated client may be able to cause an unexpected base station system termination.
Packet Storm Advisory 2013-0903-1 – Apple Safari Heap Buffer Overflow
A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method.
Packet Storm Exploit 2013-0903-1 – Apple Safari Heap Buffer Overflow
A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8.
Mac OS X 10.8.4 Local Privilege Escalation
Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.
Packet Storm Advisory 2013-0827-1 – Oracle Java ByteComponentRaster.verify()
The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file
Packet Storm Exploit 2013-0827-1 – Oracle Java ByteComponentRaster.verify() Memory Corruption
The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.