>> ARCHIVE: 2015-10

Liferay Portal version 6.2 EE SP13 suffers from an administrator-inflicted cross site scripting vulnerability.

WordPress DWBooster Payment Form for PayPal Pro plugin version 1.0.1 suffers from a cross site scripting vulnerability.

WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.

WordPress Easy2Map plugin version 1.2.9 suffers from a cross site scripting vulnerability.

WordPress Easy2Map plugin version 1.2.9 suffers from local file inclusion and directory traversal vulnerabilities.

LanSpy version 2.0.0.155 suffers from a buffer overflow vulnerability.

PHP-Fusion versions 7.02.07 and below suffer from a remote blind SQL injection vulnerability in the admin panel.

The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by checking process of impersonation token…