Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1

Posted by research () rv3lab org on Apr 20

###################################################

01. ### Advisory Information ###

Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1
Date published: 2016-15-04
Date of last update: 2014-03-04
Vendors contacted: Oliver (formerly Webshare) v1.3.1
Discovered by: Rv3Laboratory [Research Team]
Severity: Medium

02. ### Vulnerability Information ###

CVE reference: CVE-2014-2710
VU#279207
OVI-2016-7982
CVSS v2 Base…

Lock Browser 5.3 (Browser Security, Open Source, Python)

Posted by David Leo on Apr 20

SUMMARY
This open source tool strictly controls what the web browser can access, which stops the web browser from loading harmful
content – Phishing, Non-Secure HTTP, or whatever is not in your whitelist.

SITUATION
“Security flaws in Google Chrome, Microsoft Edge, and Apple Safari were all successfully exploited… browsers as well
as Windows, OS X, and Flash”…

Avast SandBox Escape via IOCTL Requests

Posted by Kyriakos Economou on Apr 20

* CVE: CVE-2016-4025
* Vendor: Avast
* Reported by: Kyriakos Economou
* Date of Release: 19/04/2016
* Affected Products: Multiple
* Affected Version: Multiple
* Fixed Version: N/A

Description:
A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by
dropping its files out of it and/or by modifying existing legitimate files of any type.

Affected Products:

Avast Internet Security v11.x.x…