XpoLog Center 6 XSS / CSRF / Open Redirect
XpoLog version 6 suffers from cross site scripting, open redirection, and cross site request forgery vulnerabilities.
XpoLog version 6 suffers from a cross site request forgery vulnerability.
Ubuntu Linux 16.04 local root exploit that leverages a netfilter target_offset out-of-bounds vulnerability.
24 Online version 8.3.7 build 9.0 suffers from a remote SQL injection vulnerability.
WebCalendar version 1.2.7 suffers from a PHP code injection vulnerability.
KWSPHP CMS version 1.6.995 suffers from a persistent cross site scripting vulnerability.
eCardMAX version 10.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
WebCalendar version 1.2.7 attempts to use the HTTP Referer to check that requests originate from the same server. However, this can be easily defeated by just not sending a Referer.
Syslog Server version 1.2.3 for Windows suffers from a remote denial of service vulnerability.
Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.