:: Deepquest ::

Personal Address Book version 2.0 for iOS suffers from an unauthenticated file upload vulnerability.

Synology DiskStation Manager (DSM) 4.3-3776 – Multiple Vulnerabilities

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Lua-Programming Language version 1.6 for iOS suffers from a remote file upload vulnerability.

Apple Security Advisory 2013-09-06-1 – AirPort Base Station Firmware Update 7.6.4 is now available and addresses a security issue. An associated client may be able to cause an unexpected base station system termination.

A heap memory buffer overflow vulnerability exists within the WebKit’s JavaScriptCore JSArray::sort(…) method.

A heap memory buffer overflow vulnerability exists within the WebKit’s JavaScriptCore JSArray::sort(…) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8.

Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of “dataOffsets[]” boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of “dataOffsets[]” boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.