Good For Enterprise 2.2.2.1611 Cross Site Scripting
Apple Security Advisory 2013-09-18-3
Apple Security Advisory 2013-09-18-3 – Xcode 5.0 is now available and addresses a security issue in Git. When using the imap-send command, git did not verify that the server hostname matched a domain name in the X.509 certificate, which allowed a man-in-the-middle attacker to spoof SSL servers via an arbitrary valid certificate. This issue was addressed by updating git to version 1.8.3.1.
Packet Storm Advisory 2013-0827-1 – Oracle Java ByteComponentRaster.verify()
The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 contains a memory corruption vulnerability that allows bypassing of “dataOffsets[]” boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file.
Packet Storm Advisory 2013-0813-1 – Oracle Java IntegerInterleavedRaster.verify()
The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataOffsets[0]” boundary checks. This vulnerability allows for remote code execution.
Oracle Java storeImageArray() Invalid Array Indexing Code Execution
Apple Quicktime 7 Invalid Atom Length Buffer Overflow
This Metasploit module exploits a vulnerability found in Apple Quicktime. The flaw is triggered when Quicktime fails to properly handle the data length for certain atoms such as ‘rdrf’ or ‘dref’ in the Alis record, which may result in a buffer overflow when loading a specially crafted .mov file, and allows arbitrary code execution under the context of the user.
strongSwan IPsec Implementation 5.0.4
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface.