Posts under XSS

Mac OS X Sudo Password Bypass

This Metasploit module gains a session with root permissions on versions of OS X with a sudo binary vulnerable to CVE-2013-1775.

FBI Agent Claims Hacking Group Anonymous is on Lockdown

Posted by deepquest under Apple, facebook, Lulz, m$, Privacy, Security, Sony, twitter, Wikileak, XSS (No Respond)

FBI officials are claiming to have all but shut down hacker collective Anonymous because arrests have acted as a deterrent and freaked-out hacktivists don’t trust each other.

[remote] – dreamMail e-mail client v4.6.9.2 Stored XSS

Posted by deepcore under exploit, m$, Security, XSS (No Respond)

[papers] – Win32-Worm:VBS/Jenxcus.A Malware Report

Posted by deepcore under exploit, m$, XSS (No Respond)

Packet Storm Advisory 2013-0819-1 – Oracle Java BytePackedRaster.verify()

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataBitOffset” boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file.

Packet Storm Exploit 2013-0819-1 – Oracle Java BytePackedRaster.verify() Signed Integer Overflow

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataBitOffset” boundary checks. This exploit code demonstrates remote code execution by popping calc.exe.

Packet Storm Advisory 2013-0813-1 – Oracle Java IntegerInterleavedRaster.verify()

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataOffsets[0]” boundary checks. This vulnerability allows for remote code execution.

Packet Storm Exploit 2013-0813-1 – Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataOffsets[0]” boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

Packet Storm Advisory 0811-1 – Oracle Java storeImageArray()

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution.

Oracle Java storeImageArray() Invalid Array Indexing Code Execution

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll.