The Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow vulnerability.
>> CATEGORY: XSS
IlohaMail Webmail Stored XSS
Zero Day Initiative Advisory 12-137 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the libsecurity_cdsa_plugin which implements routines defined in libsecurity_cssm.
Zero Day Initiative Advisory 12-136 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple’s QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page
T-dah Webmail Multiple Stored XSS
Hastymail2 Webmail 1.1 RC2 Stored XSS
Roundcube Webmail Version 0.8.0 Stored XSS
WordPress RSVPMaker v2.5.4 Persistent XSS
ClubHACK Magazine Issue 31 – Topics covered include Tamper Data, Apple iOS vulnerabilities, Matriux Ec-Centric, and more.
Viscosity OpenVPN client for Mac OS X suffers from a local root command execution vulnerability due to a suid binary executing site.py.