>> ARCHIVE: 2017-10

WordPress Car Park Booking plugin suffers from a remote SQL injection vulnerability.

Career Portal version 1.0 suffers from a remote SQL injection vulnerability.

Apache Solar version 7.0.1 suffers from XML external entity injection and remote code execution vulnerabilities.

Microsoft Windows Game Definition File Editor (GDFMaker) version 6.3.9600.16384 suffers from an XML external entity injection vulnerability.

Xen allows pagetables of the same level to map each other as readonly in PV domains. This is useful if a guest wants to use the self-referential pagetable trick for…

Linksys E series devices suffer from cross site request forgery, cross site scripting, header injection, denial of service, and various other vulnerabilities.

Afian AB FileRun version 2017.03.18 suffers from cross site request forgery, cross site scripting, open redirection, remote shell upload, and various other vulnerabilities.

It was discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when certain conditions are met.