>> ARCHIVE: 2016-11

4images versions 1.7.13 and below suffer from a remote SQL injection vulnerability.

A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through…

MyBB version 1.8.6 suffers from multiple cross site scripting vulnerabilities.

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading various these components as an embedded OLE object. When instantiating a vulnerable…

vBulletin versions 4.2.3 and below suffer from a remote SQL injection vulnerability in the forumrunner add-on.

A vulnerability in the validation of Amazon SNS messages was found in the W3 Total Cache plugin. This issue allows an attacker to perform a variety of actions concerning the…

Teradata Virtual Machine Community Edition version 15.10 suffers from an insecure file permission vulnerability.

WordPress Google Maps plugin version 6.3.14 suffers from a cross site request forgery vulnerability.

An information disclosure vulnerability was found in the W3 Total Cache plugin. This issue allows an attacker to hijack sensitive information, such as the administrator’s session cookie. Exploiting the vulnerability…

WordPress W3 Total Cache plugin version 0.9.4.1 suffers from a cross site scripting vulnerability.