em4 soft is vulnerable to a division by zero when handling Crouzet Logic Software Document ‘.pm4’ files, resulting in denial of service and possibly loss of data.
The Vulnerability Laboratory Core Research Team discovered a client-side cross site scripting web vulnerability in the official Adobe Edex online service web-application.
An independent vulnerability laboratory researcher discovered multiple application-side cross site scripting vulnerabilities in the jcow v9.9.1 CE web-application.
Coppermine version 1.5.40 uses straight MD5 without any salt for storage of passwords.
Fing version 3.3.0 suffers from a persistent mail encoding vulnerability.
WP Good News Themes suffers from a client-side cross site scripting vulnerability.
Pulse CMS version 4.5.2 suffers from a local file inclusion vulnerability.
The Comodo Anti-Virus GeekBuddy component suffers from a DLL hijacking vulnerability.
A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of the latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file…