YingZhi Python version 1.9 application for iOS allows for arbitrary file uploads to the root WWW directory and also has a ftp server directory traversal vulnerability that forces no authentication.
>> TAG: #xss
Apple Security Advisory 2012-09-24-1 – Apple TV 5.1 is now available and addresses issues relating to malicious media loading, memory corruption, and more.
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious, local users to disclose system information and gain escalated privileges, by malicious people to disclose potentially sensitive information, conducts spoofing attacks, and compromise a user’s device, and by malicious people with physical access to disclose potentially sensitive information and bypass certain security restrictions.
Apple Security Advisory 2012-09-12-1 – iTunes 10.7 is now available and addresses multiple memory corruption issues in webkit.
Secunia Security Advisory – Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to compromise a user’s system.
Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF
Detecting and Exploiting XSS Vulnerabilities with Xenotix XSS Exploit Framework
Clipster Video Persistent XSS Vulnerability
OTRS Open Technology Real Services 3.1.8 and 3.1.9 XSS Vulnerability
BusinessWiki 2.5RC3 Stored XSS & Arbitrary File Upload