>> ARCHIVE: 2017-02

Elefant CMS version 1.3.12-RC suffers from multiple persistent cross site scripting vulnerabilities.

Simplessus Files version 3.7.7 suffers from a path traversal vulnerability.

Elefant CMS version 1.3.12-RC suffers from multiple cross site request forgery vulnerabilities.

This Metasploit module executes an arbitrary native payload on a Microsoft SQL server by loading a custom SQL CLR Assembly into the target SQL installation, and calling it directly with…

Plone version 5.0.5 suffers from a cross site scripting vulnerability.

Elefant CMS version 1.3.12-RC suffers from remote code execution vulnerabilities.

Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap corruption issue due to a missing length check.

Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap out-of-bounds access issue that leads to a memory corruption condition.

GDI suffers from an insufficient bounds check on GDI32!ConvertDxArray.

Google Chrome suffers from a bypass vulnerability in the download filetype blacklist functionality. Versions 54.0.2840.100 stable is affected.