>> ARCHIVE: 2016-11

Adobe Connect and Desktop version 9.5.7 suffers from malicious script insertion vulnerabilities.

Samsung Software Update Service, SWUpdateService (SWMAgent.exe), installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to…

Verint Impact 360 version 11.1 suffers from an open redirection vulnerability.

Droid4XService (Droid4XService.exe) installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with…

PCMan FTP server version 2.0.7 LIST command buffer overflow exploit.

A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such…

e107 CMS version 2.1.2 suffers from a privilege escalation vulnerability.

Nero version 7.10.1.0 suffers from an unquoted service path privilege escalation vulnerability.

Microsoft Internet Explorer versions 9, 10, and 11 suffer from an MSHTML PROPERTYDESC::HandleStyleComponentProperty out-of-bounds read.

Exponent CMS version 2.4.0 suffers from a remote blind SQL injection vulnerability.