>> ARCHIVE: 2019-03

MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which allow a web page to bypass the security…

There’s a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that since we…

The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse. An attacker can use this…

There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with…

Microsoft Edge suffers from a Flash click2play bypass with CObjectElement::FinalCreateObject.

PHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.

WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.

WinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.

WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.