Apple Security Advisory 2013-10-15-1 – Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
>> TAG: #Vulnerability
Imperva SecureSphere Web Application Firewall MX 9.5.6 – Blind SQL Injection
HylaFAX+ 5.2.4 – 5.5.3 – Buffer Overflow
WordPress Lazy SEO plugin Shell Upload Vulnerability
Apple Security Advisory 2013-09-20-1 – Apple TV 6.0 is now available and addresses 57 different vulnerabilities.
Apple Security Advisory 2013-09-17-1 – OS X Server v2.2.2 is now available and addresses issues in ClamAV, PostgreSQL, and Wiki Server.
Apple Security Advisory 2013-09-12-1 – OS X Mountain Lion v10.8.5 and Security Update 2013-004 are now available and address Apache issues, BIND issues, ClamAV issues, and more.
The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 contains a memory corruption vulnerability that allows bypassing of “dataOffsets[]” boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
Joomla redSHOP Component 1.2 – SQL Injection