glFusion 1.2.2 – Multiple XSS Vulnerabilities
>> TAG: #Vulnerabilities
glFusion 1.2.2 – Multiple XSS Vulnerabilities
This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own
Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own.
Apple Security Advisory 2011-10-12-4 – Safari version 5.1.1 is now available and addresses a directory traversal issue, a policy issue, various arbitrary code execution issues, and 40+ other vulnerabilities.
Apple Security Advisory 2011-10-12-2 – An Apple TV software update is now available and addresses credential interception, spoofing, information disclosure, and various other vulnerabilities.
Apple Security Advisory 2011-10-11-1 – iTunes 10.5 has been released and addresses CoreFoundation, ColorSync, CoreAudio, CoreMedia, ImageIO, WebKit, and various other vulnerabilities.
Apple Security Advisory 2011-08-03-1 – QuickTime version 7.7 has been made available to address multiple code execution, cross-origin, integer overflow, memory corruption, and other vulnerabilities.
Source code for the latest version of the ZeuS crimeware kit has been leaked on the internet, giving anyone who knows where to look free access to a potent set of malware-generation tools that normally sell for as much as $10,000.