Monthly Archives: October 2015
The attached testcase was found by fuzzing packed PE files with Kaspersky Antivirus. The researcher suspects it was packed using “Yoda’s Protector”. This vulnerability is obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on all systems using Kaspersky Antivirus.
Kaspersky Antivirus UPX Parsing Remote Memory Corruption
While fuzzing UPX-packed files in Kaspersky Antivirus, a crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM.
Kaspersky Antivirus PE Unpacking Integer Overflow
Kaspersky Antivirus PE unpacking suffers from an integer overflow vulnerability.
Kaspersky Antivirus ExeCryptor Parsing Memory Corruption
Fuzzing packed executables in Kaspersky Antivirus found an ExeCryptor parsing memory corruption vulnerability.
New Methods In Automated XSS Detection And Dynamic Exploit Creation
This slide deck consists of three presentations giving both an overall and a detailed view of new patent-pending methods that make cross-site scripting (XSS) detection more accurate and faster, as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.
Kaspersky Antivirus CHM Parsing Remote Stack Buffer Overflow
Fuzzing CHM files with Kaspersky Antivirus produced a crash due to a stack buffer overflow vulnerability.
Kerio Control 8.6.1 SQL Injection / Code Execution / CSRF
Kerio Control versions 8.6.1 and below suffer from remote SQL injection and remote code execution through cross-site request forgery vulnerabilities.
Digital Whisper Electronic Magazine #65
Digital Whisper Electronic Magazine issue 65. Written in Hebrew.
Debian Security Advisory 3372-1
Debian Linux Security Advisory 3372-1 – Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.
.NET Partial-Trust Bypass
A command-line injection vulnerability exists in the core .NET class function System.Windows.Forms.Help::ShowHelp, allowing an attacker without the “UnmanagedCode” permission to nevertheless directly control arguments passed to a “ShellExecute” invocation of the user’s default browser. This vulnerability allows an attacker who is able to run arbitrary .NET code within a .NET PartialTrust sandbox that includes the “WebPermission” permission for any URL to inject arbitrary parameters, after the first parameter, into the command line of the user’s default browser.