When serializing JavaScript objects for sending to another window using the postMessage method, the code in Blink does not handle Symbol objects correctly and attempts to serialize this kind of…
>> ARCHIVE: 2016-11
Trango devices all have a built-in, hidden root account, with a default password that is the same across many devices and software revisions. This account is accessible via SSH and…
ShopZilla Comparison Shopping Script version 2.3 suffers from a cross-site scripting vulnerability.
Rate-Me PHP Script version 1.0 suffers from a persistent cross-site scripting vulnerability.
InvoicePlane version 1.4.8 has incorrect access control for password resets.
Sagem Fast 3304-V2 suffers from a credential disclosure vulnerability.
A vulnerability in Windows Local Security Authority Subsystem Service (LSASS) was found on Windows OS versions ranging from Windows XP through to Windows 10. This vulnerability allows an attacker to…
The Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135.
ATutor version 2.2.2 cross-site request forgery proof of concept that adds a new course.
Schoolhos CMS version 2.29 suffers from code execution and remote SQL injection vulnerabilities.