>> ARCHIVE: 2017-12

The nsd binary shipping with multiple camera security systems suffers from a format string vulnerability.

Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.

The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough…

The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this…

WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability.

WordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability.

There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is…

There is a directory traversal issue in the Telegram client for Android. The method saveFile in MediaController.java saves a file to external memory based on an optional name that is…