>> ARCHIVE: 2017-05

WordPress Tracking Code Manager plugin versions 1.11.1 and below suffer from cross site scripting and denial of service vulnerabilities.

WordPress User Access Manager plugin versions 1.2.14 and below suffer from a cross site scripting vulnerability.

Linux kernel versions 3.11 through 4.8 O_SNDBUFFORCE and SO_RCVBUFFORCE local privilege escalation exploit.

Vanilla Forums versions 2.3 and below remote code execution exploit.

Linux kernel version 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) double-free usb-midi SMEP local privilege escalation exploit.

OpenVPN version 2.4.0 suffers from an unauthenticated denial of service vulnerability.

Trashbilling.com suffered from account enumeration, cross site scripting, denial of service, and remote SQL injection vulnerabilities. Trashflow 3.0 suffers from denial of service and hard-coded credential vulnerabilities.

google-api-php-client versions 2.1.3 and below suffer from multiple cross site scripting vulnerabilities.

CMS Made Simple version 2.1.6 suffers from code execution and cross site scripting vulnerabilities.

Guidance Software EnCase Forensic Imager versions 7.10 and below suffer from a stack-based buffer overflow vulnerability.