>> ARCHIVE: 2015-10

WordPress Pie Register plugin version 2.0.18 suffers from a cross site scripting vulnerability.

WordPress Font plugin version 7.5 suffers from a path traversal vulnerability.

WordPress Pie Register plugin version 2.0.18 suffers from multiple remote blind SQL injection vulnerabilities.

libsndfile versions 1.0.25 and below suffer from a heap overflow vulnerability.

Tomabo MP4 Converter version 3.10.12 suffers from a denial of service vulnerability.

Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.

CDex Genre version 1.79 suffers from a stack buffer overflow vulnerability.

The attached report and exploit were mailed to Kaspersky on 4th September 2015. The researcher is currently triaging about 230 more unique crashes. A remotely exploitable stack buffer overflow exists…

Fuzzing the DEX file format found a crash that loads a function pointer from an attacker controlled pointer, on Windows this results in a call to an unmapped address. This…

Fuzzing Kaspersky Antivirus VB6 executables produced a crash triggered by an integer overflow vulnerability.