>> ARCHIVE: 2016-11

There are a number of problems with the security model of 1Password that results in the local security model being disabled, as well as a number of security, sandboxing and…

txtforum version 1.0.4 remote command execution exploit.

phpWebAdmin version 1.0 suffers from a remote SQL injection vulnerability.

A specially crafted web-page can cause MSIE 11 to interrupt the handling of one readystatechange event with another. This interrupts a call to one of the various CElement::Notify functions to…

CMS EditMe suffers from cross site request forgery vulnerability that allows for privilege escalation.

Reason Core Security version 1.1.2 suffers from an unquoted service path privilege escalation vulnerability.

Dolphin versions 7.3.2 and below suffer from authentication bypass and remote command execution vulnerabilities.

Linux kernel versions 4.4 and above where CONFIG_BPF_SYSCALL and kernel.unprivileged_bpf_disabled sysctl is not set to 1 allow for BPF to be abused for privilege escalation. Ubuntu 16.04 has all of…

This Metasploit module exploits a stack buffer overflow in Disk Pulse Enterprise 9.0.34. If a malicious user sends a malicious HTTP login request, it is possible to execute a payload…