Apple Security Advisory 2013-10-15-1
Apple Security Advisory 2013-10-15-1 - Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
[webapps] – Imperva SecureSphere Web Application Firewall MX 9.5.6 – Blind SQL Injection
[dos] – HylaFAX+ 5.2.4 – 5.5.3 – Buffer Overflow
[webapps] – WordPress Lazy SEO plugin Shell Upload Vulnerability
Apple Security Advisory 2013-09-20-1
Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.
Apple Security Advisory 2013-09-17-1
Apple Security Advisory 2013-09-17-1 - OS X Server v2.2.2 is now available and addresses issues in ClamAV, PostgreSQL, and Wiki Server.
Apple Security Advisory 2013-09-12-1
Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 are now available and address Apache issues, BIND issues, ClamAV issues, and more.
Zed Attack Proxy 2.2.1 Mac OS X Release
The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Packet Storm Exploit 2013-0827-1 – Oracle Java ByteComponentRaster.verify() Memory Corruption
The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 contains a memory corruption vulnerability that allows the "dataOffsets[]" boundary checks to be bypassed. This exploit code demonstrates remote code execution by launching calc.exe. It was obtained through the Packet Storm Bug Bounty program.
[webapps] – Joomla redSHOP Component 1.2 – SQL Injection