>> ARCHIVE: 2016-12

WordPress Single Personal Message plugin version 1.0.3 suffers from a remote SQL injection vulnerability.

Microsoft PowerShell suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

AbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.

A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. A pointer set up to point to certain data on the stack can be used…

Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may…

Microsoft Internet Explorer 9 suffers from a CDoc::ExecuteScriptUri use-after-free vulnerability.

Windows Media Center “ehshell.exe” is vulnerable to an XML External Entity attack allowing remote access to any files on a victim’s computer, if they open an XXE laden “.mcl” file…

Microsoft Excel Starter 2010 suffers from an XML eXternal Entity vulnerability that allows for remote file disclosure.

Shuttle Tech ADSL Wireless 920 WM suffers from cross site scripting, directory traversal, and default telnet root password vulnerabilities.

Windows System Information MSINFO32.exe version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.