>> ARCHIVE: 2016-11

WordPress Image Gallery plugin version 1.9.65 suffers from a persistent cross site scripting vulnerability.

A full analysis and proof of concept 0-day exploits for a heap corruption vulnerability in the gstreamer decoder.

Linux ntpd 4.2.8 derive_nonce remote stack overflow proof of concept exploit.

This is an interesting analysis that goes over reverse engineering access to the HS-110 Smart Plug and how secrets are insecurely transferred.

A specially crafted web-page can cause Microsoft Internet Explorer 10 to continue to use an object after freeing the memory used to store the object. An attacker might be able…

Koken versions 0.22.7 and 0.22.11 suffer from multiple cross site scripting vulnerabilities.

A specially crafted web-page can cause a type confusion in HTML layout in Microsoft Internet Explorer 11. An attacker might be able to exploit this issue to execute arbitrary code.

Osticket versions 1.9.14 and below X-Forwarded-For stored cross site scripting exploit.

RedTeam Pentesting discovered behavior in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled.

An independent vulnerability laboratory researcher discovered a remote sql-injection vulnerability in the official chatN…