Research

Tor Browser version < 8.0 and Firefox version < 62 / < 60.2.0esr are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.

Tor Browser version 7.0.8, and probably prior, for Mac OS X and Linux, is affected by an information disclosure vulnerability that  leads to full de-anonymization of website visitors using just a single html tag.

TorBrowser version 7.0.8, and probably prior,for Mac OS X and Linux, is affected by an unspecified critical security issue. According to the Tor Project, further details will be released in the near future

Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions. Basically, Apple's Quarantine works by setting an extended attribute to downloaded files (and also to files extracted from downloaded archive/image) that tells the system to open/execute those files in a restricted environment. For example, a quarantined html file won't be able to load local resources. The vulnerability is in one html file, part of the Mac OS X core, that is prone to a DOM Based XSS allowing the execution of arbitrary javascript commands in its (unrestricted) context.

Squirrelmail version 1.4.22 (and probably prior) is vulnerable to a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in Deliver_SendMail.class.php on initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it don't escapes whitespaces allowing the injection of arbitrary command parameters.

A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine. User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability. Microsoft Remote Desktop Client for Mac OS X (ver 8.0.32 and probably prior) allows a malicious Terminal Server to read and write any file in the home directory of the connecting user. The vulnerability exists to the way the application handles rdp urls. In the rdp url schema it's possible to specify a parameter that will make the user's home directory accessible to the server without any warning or confirmation request. If an attacker can trick a user to open a malicious rdp url, he/she can read and write any file within the victim's home directory.

Safari for Mac OS X is prone to an XXE vulnerability when processing crafted SVG images. An attacker may use this vulnerability to steal files from local computer by tricking a user into opening and SVG image from a local location (ie USB key). This vulnerability is mitigated by the file quarantine and do not work with downloaded files.

The contentAjaxQuery class suffers from a SQL-Injection vulnerability because the request parameter "query" is used to build a sql query without beeing properly sanitized. In order to exploit this issue, an attaccker must be logged into the application as a non-privileged user.

ProjectSend (previously cFTP) suffers from multiple vulnerabilities

Lychee version 2.7.1 and probably below suffers from remote code execution vulnerability. The vulnerability resides in the importUrl function that fails to restrict file types due to the lack of file extension validation. Since the imported file is stored in a web-readable directory where php files can be executed, remote code execution can be achieved.

DokuWiki version 2014-09-29c (and probably prior) is vulnerable to Persistent Cross Site Scriptng in the admin page. An attacker may use this vulnerability to execute javascript in the context of a logged admin user. Since the vulnerable page has forms with the CSRF token (the same for all requests), a full backend compromise may be possible.

LogAnalyzer version 3.4.2 and probably below suffers from multiple vulnerabilities

OSClass version 2.3.5 and probably below suffers from a directory traversal vulnerability that leads to arbitrary file upload and information disclosure.

OSClass version 2.3.4 and probably below suffers from multiple vulnerabilities

postfixadmin version 2.3.4 and probably below suffers from multiple vulnerabilities

Mibew messenger version 1.6.4 an probably below is vulnerable to multiple XSS (and persistent XSS). They are all an POSTs and can be exploited due to the lack of CSRF protection