>> ARCHIVE: 2015-10

A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without “UnmanagedCode” permission to nevertheless directly control arguments passed to a “ShellExecute” invocation of the…

Kerio Control versions 8.6.1 and below suffer from remote SQL injection and remote code execution through cross site request forgery vulnerabilities.

Fuzzing CHM files with Kaspersky Antivirus produced a crash due to a stack buffer overflow vulnerability.

Fuzzing packed executables in Kaspersky Antivirus found an ExeCryptor parsing memory corruption vulnerability.

Kaspersky Antivirus PE unpacking suffers from an integer overflow vulnerability.

While fuzzing UPX packed files in Kaspersky Antivirus, a crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for remote code execution as NT…

The attached testcase was found by fuzzing packed PE files with Kaspersky Antivirus. The researcher suspects it was packed using “Yoda’s protector”. This vulnerability is obviously exploitable for remote code…

Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature.

K2 SmartForms, BlackPearl, and K2 for Sharepoint version 4.6.7 suffer from a boolean-based remote SQL injection vulnerability.