>> ARCHIVE: 2016-09

Cherry Music version 0.35.1 suffers from an arbitrary file disclosure vulnerability.

wdCalendar version 2 suffers from a remote SQL injection vulnerability.

Antisip libosip2 version 4.1.0 suffers from heap buffer overflow vulnerabilities that can lead to a denial of service.

ASUS DSL-X11 ADSL router unauthenticated remote DNS changer exploit.

Open-Xchange App Suite versions 7.8.2 and below suffer from multiple cross site scripting vulnerabilities.

Open-Xchange Guard versions 2.4.2 and below suffer from multiple cross site scripting vulnerabilities.

Battle.Net version 1.5.0.7963 suffers from an insecure file permissions privilege escalation vulnerability.

Android has an issue where racy getpidcon usage permits binder service replacement.