>> ARCHIVE: 2016-05

An independent vulnerability laboratory researcher discovered multiple vulnerabilities in the official Teampass v2.1.25 application.

The vulnerability lab core team discovered an application-side web vulnerability in the official Peplink InControl 2 cloud based device managemet web-application.

AutoIT version 3 suffers from a dll hijacking vulnerability.

Microsoft Visual C++ 2010 Redistributable Package and Visual C++ Redistributable for Visual Studio 2015 suffer from multiple dll hijacking vulnerabilities.

gdi32.dll in Microsoft Windows suffers from a heap-based buffer overflow in ExtEscape().

Symantec / Norton Antivirus suffers from a remote ring0 memory corruption vulnerability.

gdi32.dll in Microsoft Windows suffers from information disclosure issues via the EMF CREATECOLORSPACEW record handling.

gdi32.dll in Microsoft Windows suffers from a denial of service issue due to an attacker controlling the Size argument in the gdi32!GdiComment() function.

WSO2 SOA Enablement server suffers from a cross site scripting vulnerability.

This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL…