>> ARCHIVE: 2019-05

Spidermonkey IonMonkey can, during a bailout, leak an internal JS_OPTIMIZED_OUT magic value to the running script. This magic value can then be used to achieve memory corruption.

EquityPandit version 1.0 suffers from a password disclosure vulnerability.

Petraware pTransformer ADC versions prior to 2.1.7.22827 suffer from a remote SQL injection vulnerability that allows for login bypass.

Phraseanet DAM versions prior to 4.0.7 suffer from a cross site scripting vulnerability.

VFront version 0.99.5 suffers from multiple reflective cross site scripting vulnerabilities.

VFront version 0.99.5 suffers from a persistent cross site scripting vulnerability.