Remote Code Execution in Exponent

2016-02-10 Thread High-Tech Bridge Security Research
Advisory ID: HTB23290 Product: Exponent Vendor: http://www.exponentcms.org/ Vulnerable Version(s): 2.3.7 and probably prior Tested Version: 2.3.7 Advisory Publication: January 13, 2016 [without technical details] Vendor Notification: January 13, 2016 Vendor Patch: January 23, 2016 Public

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability

2016-02-10 Thread Vulnerability Lab
Document Title: Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1536 Adobe Bulletin: https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

2016-02-10 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability Advisory ID: cisco-sa-20160210-asa-ike Revision 1.0 For Public Release 2016 February 10 16:00 GMT (UTC

NPS Datastore server DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
NPS Datastore server DLL side loading vulnerability Yorick Koster, September 2015

Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

2016-02-10 Thread Jason Hellenthal
In 2019 you say huh. Damn future tellers !!! I need to get one of those !!! -- Jason Hellenthal JJH48-ARIN On Feb 5, 2016, at 15:50, Stefan Kanthak wrote: Hi @ll, the installers of Oracle's Java 6/7/8 for Windows and VirtualBox for Windows load and execute several

MapsUpdateTask Task DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
MapsUpdateTask Task DLL side loading vulnerability Yorick Koster, November 2015

Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability

2016-02-10 Thread Ratio Sec
--- RatioSec Research Security Advisory RS-2016-002 --- Duplicator Wordpress Plugin Code And Database Dump Via

BDA MPEG2 Transport Information Filter DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
BDA MPEG2 Transport Information Filter DLL side loading vulnerability Yorick Koster, September 2015

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities

2016-02-10 Thread Securify B.V.
Fix Microsoft released MS16-014 that fixes this vulnerability. On 16-12-15 19:27, Securify B.V. wrote:

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities

2016-02-10 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160210-0 > title: Multiple Vulnerabilities product: Yeager CMS vulnerable version:

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

2016-02-10 Thread Vulnerability Lab
Document Title: MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1706 Release Date: 2016-02-10 Vulnerability Laboratory ID (VL-ID):

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities

2016-02-10 Thread Vulnerability Lab
Document Title: File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1715 Release Date: 2016-02-09 Vulnerability Laboratory ID (VL-ID):