>> ARCHIVE: 2017-10

Microsoft Edge Chakra accesses uninitialized pointers in StackScriptFunction::BoxState::Box.

The BouquetEditor plugin for Dreambox 2.0.0 suffers from a cross site scripting vulnerability.

Typo3 Restler extension version 1.7.0 suffers from a local file disclosure vulnerability.

There exists an unauthenticated SEH based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16, when sending a GET request with an excessive length it is possible for…

phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker can embed malicious script code in the title of the faq.

E-Sic Software livre CMS version 1.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.

DuckieTV CMS version 1.1.5 suffers from a local file inclusion vulnerability.

binutils version 2.29.51.20170921 suffers from a read_1_byte heap-based buffer overflow vulnerability.

ASX to MP3 version 3.1.3.7 .m3u buffer overflow exploit.