Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.
>> AUTHOR: deepcore
CDex Genre version 1.79 suffers from a stack buffer overflow vulnerability.
The attached report and exploit were mailed to Kaspersky on 4th September 2015. The researcher is currently triaging about 230 more unique crashes. A remotely exploitable stack buffer overflow exists…
Fuzzing the DEX file format found a crash that loads a function pointer from an attacker controlled pointer, on Windows this results in a call to an unmapped address. This…
Fuzzing Kaspersky Antivirus VB6 executables produced a crash triggered by an integer overflow vulnerability.
A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without “UnmanagedCode” permission to nevertheless directly control arguments passed to a “ShellExecute” invocation of the…
Kerio Control versions 8.6.1 and below suffer from remote SQL injection and remote code execution through cross site request forgery vulnerabilities.
Fuzzing CHM files with Kaspersky Antivirus produced a crash due to a stack buffer overflow vulnerability.
Fuzzing packed executables in Kaspersky Antivirus found an ExeCryptor parsing memory corruption vulnerability.
Kaspersky Antivirus PE unpacking suffers from an integer overflow vulnerability.