Packet Storm Advisory 2013-0813-1 – Oracle Java IntegerInterleavedRaster.verify()
The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataOffsets[0]” boundary checks. This vulnerability allows for remote code execution
Tags: javascript, Security, ubuntu, windowsOracle Java storeImageArray() Invalid Array Indexing Code Execution
The Roundup for April 18, 2013 – Firedoglake
The Roundup for April 18, 2013 Firedoglake Justice, UK style. “Chagossians [ref: US airbase on Diego Garcia] suffer blow in fight to go home as court rejects WikiLeak cable: US embassy cables allegedly detailing UK plan to stop return to Indian Ocean islands used by US military is ruled …
Tags: hacker, wikileak, windowsApple Security Advisory 2011-11-14-1
Apple Security Advisory 2011-11-14-1 – iTunes 10.5.1 is now available and addresses a man-in-the-middle vulnerability. iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available.
Tags: apple-security, Security, windowsSkype VoIP 5.2.x / 5.3.x Memory Corruption
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server.
Tags: complete, local-attacker, search-request, skype, windowsZero Day Initiative Advisory 11-228
Zero Day Initiative Advisory 11-228 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on Windows and multiple applications on OSX.
Tags: Application, Vulnerability, windowsZorg 1.0 + PJSIP 1.8.5 + libtomcrypt Back-End
ZORG is an open source implementation of the ZRTP protocol implementation. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellmann 384bit and AES-256 SRTP encryption.
Tags: been-integrated, windows, zrtpZed Attack Proxy (ZAP) 1.1.0
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.
Tags: cross-platform, Security, tools, windows