Apple Security Advisory 2015-06-30-1 – iOS 8.4 is now available and addresses denial of service, an incorrectly issued certificate, arbitrary code execution, and various other flaws.
Monthly Archives: June 2015
Faraday 1.0.11
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration-test IDE designed for distributing, indexing and analysing the data generated during a security audit. The main purpose of Faraday is to reuse the tools already available in the community and let several testers work with their output at the same time.
Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and iOS
Original release date: June 30, 2015
Apple has released security updates for QuickTime, Safari, Mac Extensible Firmware Interface (EFI), OS X Yosemite, and iOS. Exploitation of some of these vulnerabilities may allow an attacker to obtain elevated privileges or crash applications.
Available updates include:
- QuickTime 7.7.7 for Windows 7 and Windows Vista
- Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
- Mac EFI for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5
- OS X Yosemite 10.10.4 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.3
- iOS 8.4 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
US-CERT encourages users and administrators to review Apple security updates HT204947, HT204950, HT204934, HT204942, HT204941 and apply the necessary updates.
Climatix BACnet/IP Communication Module Cross Site Scripting
Climatix BACnet/IP communication module versions prior to 10.34 suffer from a cross site scripting vulnerability.
X-Cart 4.5.0 Cross Site Scripting
X-Cart version 4.5.0 suffers from a cross site scripting vulnerability.
TimeDoctor Pro 1.4.72.3 Insecure Transport
The TimeDoctor autoupdate feature downloads and executes files over plain HTTP and does not perform any integrity or authenticity check on them. An attacker with MITM capabilities (for example, on the same public Wi-Fi network as the user) could impersonate the TimeDoctor update subdomain and have arbitrary binaries executed on the machine where the application is running.
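To make the fix concrete, here is an added example (not TimeDoctor's code, and not taken from the advisory) of the two properties an auto-updater needs so that an on-path attacker cannot substitute a binary: the download must come over HTTPS, and the payload must carry a signature that verifies against a publisher key pinned inside the client. It uses Ed25519 from the Go standard library; the key pair, the `updates.example.com` URL and the payload bytes are all constructed for the demonstration and are not real TimeDoctor infrastructure.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/url"
)

// Update is what the client ends up holding after fetching a release:
// where it came from, the bytes, and a detached publisher signature.
// The signature covers sha256(Payload) so the client can verify large
// downloads without re-reading them.
type Update struct {
	SourceURL string
	Payload   []byte
	Signature []byte
}

var (
	ErrInsecureTransport = errors.New("update must be fetched over https")
	ErrBadSignature      = errors.New("update signature does not verify against the pinned publisher key")
)

// insecureApply mirrors the pattern the advisory describes: whatever
// came back from the URL is treated as the genuine update.
func insecureApply(u Update) ([]byte, error) {
	return u.Payload, nil
}

// VerifyUpdate is the hardened replacement. pinnedKey is compiled into
// the client (hypothetical; a real product would ship it with the binary),
// so a MITM who controls DNS and the HTTP response still cannot produce a
// payload that passes.
func VerifyUpdate(pinnedKey ed25519.PublicKey, u Update) ([]byte, error) {
	parsed, err := url.Parse(u.SourceURL)
	if err != nil || parsed.Scheme != "https" {
		return nil, ErrInsecureTransport
	}
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(pinnedKey, digest[:], u.Signature) {
		return nil, ErrBadSignature
	}
	return u.Payload, nil
}

// SignRelease is the publisher-side step, run on the build server with
// the private key; the client never sees this key.
func SignRelease(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return ed25519.Sign(priv, digest[:])
}

func main() {
	// Constructed scenario: the key pair would normally be generated once
	// and only the public half shipped inside the client.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	genuine := []byte("constructed release bytes for version 1.4.72.4")
	legit := Update{
		SourceURL: "https://updates.example.com/client.exe", // hypothetical host
		Payload:   genuine,
		Signature: SignRelease(priv, genuine),
	}

	// What an attacker on the same public Wi-Fi can serve when the client
	// fetches over plain HTTP: a different binary under the expected name.
	evil := Update{
		SourceURL: "http://updates.example.com/client.exe",
		Payload:   []byte("constructed attacker-controlled binary"),
		Signature: legit.Signature, // replaying the real signature does not help
	}

	out, _ := insecureApply(evil)
	fmt.Printf("insecure updater would execute: %q\n", out)

	if _, err := VerifyUpdate(pub, evil); err != nil {
		fmt.Println("hardened updater rejected plain-HTTP fetch:", err)
	}
	evil.SourceURL = legit.SourceURL // even with TLS, a swapped payload fails the signature
	if _, err := VerifyUpdate(pub, evil); err != nil {
		fmt.Println("hardened updater rejected swapped payload:", err)
	}
	if out, err := VerifyUpdate(pub, legit); err == nil {
		fmt.Printf("hardened updater accepted %d genuine bytes\n", len(out))
	}
}
```

The HTTPS check on its own is not sufficient: it only protects the channel, and an attacker who compromises the update host, or who can get a certificate for it, can still push arbitrary code. The pinned signature is what ties the payload to the publisher regardless of how it was delivered, which is why both checks are applied.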
ManageEngine Password Manager Pro 8.1 SQL Injection
ManageEngine Password Manager Pro version 8.1 suffers from a remote SQL injection vulnerability.