>> ARCHIVE: 2017-05

Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.

Core Security Technologies Advisory – SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found…

Microsoft MsMpEng suffers from an issue where the UIF decoder will spin forever processing sparse blocks.

This archive contains numerous TDS streams that cause segmentation faults in the FreeTDS library. The ‘tsql’ binary was used for the fuzzing, so these most likely only affect client-side functionality….

BanManager WebUI version 1.5.8 suffers from PHP code injection and cross site scripting vulnerabilities.

Gongwalker API Manager version 1.1 suffers from a remote blind SQL injection vulnerability.

Gongwalker API Manager version 1.1 suffers from cross site request forgery vulnerabilities.

QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via…