Full Disclosure
Posted by Berend-Jan Wever on Nov 10
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
seventh entry in that series.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161109001.html. There you can find a repro
that triggered this issue in addition to the information below.
Follow me on http://twitter.com/berendjanwever for daily browser bugs.
MSIE 9-11…
Posted by Berend-Jan Wever on Nov 09
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the sixth
entry in that series.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161108001.html. There you can find a repro
that triggered this issue in addition to the information below.
Follow me on http://twitter.com/berendjanwever for daily browser bugs.
VBScript…
Posted by Rio Sherri on Nov 09
# Title : Avira Antivirus >= 15.0.21.86 Command Execution (SYSTEM)
# Date : 08/11/2016
# Author : R-73eN
# Tested on: Avira Antivirus 15.0.21.86 in Windows 7
# Vendor : https://www.avira.com/
# Disclosure Timeline:
# 2016-06-28 – Reported to Vendor through Bugcrowd.
# 2016-06-29 – Vendor Replied.
# 2016-07-05 – Vendor Replicated the vulnerability.
# 2016-09-02 – Vendor released updated version which fix the vulnerability.
# 2016-11-08 -…
Posted by Vulnerability Lab on Nov 09
Document Title:
===============
Adobe Connect & Desktop v9.5.7 – Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1838
Security ID: PSIRT-5180
Bulletin: https://helpx.adobe.com/security/products/connect/apsb16-35.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7851
Public News Article:…
Posted by Summer of Pwnage on Nov 08
————————————————————————
Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin
————————————————————————
Alyssa Milburn <amilburn.at.zall.org>, July 2016
————————————————————————
Abstract
————————————————————————
A stored Cross-Site…
Posted by Summer of Pwnage on Nov 08
————————————————————————
Cross-Site Scripting in Calendar WordPress Plugin
————————————————————————
Remco Vermeulen, July 2016
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the Calendar…
Posted by Summer of Pwnage on Nov 08
————————————————————————
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress
Plugin
————————————————————————
Burak Kelebek, October 2016
————————————————————————
Abstract
————————————————————————
A stored Cross-Site Scripting (XSS)…
Posted by Summer of Pwnage on Nov 08
————————————————————————
Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin
————————————————————————
Jurgen Kloosterman, July 2016
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in…
Posted by Summer of Pwnage on Nov 08
————————————————————————
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
————————————————————————
Yorick Koster, July 2016
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in…
Posted by Summer of Pwnage on Nov 08
————————————————————————
YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object
injection vulnerability
————————————————————————
Yorick Koster, June 2016
————————————————————————
Abstract
————————————————————————
A PHP Object injection…