>> ARCHIVE: 2017-08

Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability in Parser::ParseFncFormals with the “PNodeFlags::fpnArguments_overriddenInParam” flag.

Microsoft Edge Chakra suffers from an integer overflow vulnerability in EmitNew.

Yet another finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.

The included proof of concept file causes the traits of an ActionScript object to be accessed out of bounds in Adobe Flash. This can probably lead to exploitable type confusion.

OSNEXUS QuantaStor version 4 suffers from multiple information disclosure vulnerabilities including user enumeration.

Internet Download Manager version 6.28 Build 17 SEH unicode buffer overflow exploit.

ClipBucket version2.8.3 suffers from remote SQL injection, arbitrary file read/write, and default credential vulnerabilities.

ALLPlayer version 7.4 SEH unicode buffer overflow exploit.

AdvanDate iCupid Dating software version 12.2 suffers from a remote SQL injection vulnerability.

FreeBSD jail incompletely protects the access to the IPC primitives. The ‘allow.sysvipc’ setting only affects IPC queues, leaving other IPC objects unprotected, making them reachable system-wide independently of the system…