Symantec Antivirus includes RAR unpacking memory corruption issues that can lead to remote code execution.
>> ARCHIVE: 2016-09
A malicious SFTP server may force a client-side relative path traversal in jsch’s implementation of recursive sftp-get, allowing the server to write files outside the client’s download basedir with effective…
This Metasploit module exploits the “diagnostic console” feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console can be enabled or disabled by an…
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has…
Silverstripe theme Newedge suffers from a cross site scripting vulnerability.
Microsoft Internet Explorer 11 does not follow the CORS specification for local files the way Chrome and Firefox do. Microsoft does not believe this to be a security issue.
Kerio Control Unified Threat Management versions prior to 9.1.3 suffer from unsafe usage of the PHP unserialize function, code execution, memory corruption, cross site scripting, and various other vulnerabilities.
Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability.
Wise Care 365 4.27 / Wise Disk Cleaner 9.29 – Unquoted Service Path Privilege Escalation
Linux – SELinux W+X Protection Bypass via AIO