Redis has eloquently explained how it can be used for remote command execution when it is not securely configured against arbitrary access.
>> ARCHIVE: 2015-11
FreeType 2.6.1 TrueType tt_cmap14_validate Parsing Heap-Based Out-of-Bounds Reads
Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each…
Cisco’s tools site suffered from multiple cross-site scripting vulnerabilities.
Python versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements…
Sam Spade version 1.14 local buffer overflow exploit.
Python versions 3.3 through 3.5 suffer from a vulnerability caused by the behavior of the product_setstate() function. When called, the function loops over the state tuple provided and clamps each…
Zeuscart version 4.0 suffers from a cross-site scripting vulnerability in the search functionality.
Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL injection vulnerability.
Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a cross-site scripting vulnerability.