CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion This information is available in an easier to read format on my blog at http://blog.skylined.nl/ With [MS16-063] Microsoft has patched

[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2234971 Author:

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2235994 Author: Vahagn Vardanyan

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XSS Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn

[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player

Hi @ll, the executable (un)installers for Flash Player before version 22.0.0.192 and 18.0.0.360 (both released on 2016-06-15) are vulnerable to DLL hijacking: they load and execute multiple Windows system DLLs from their "application directory" instead of Windows' "system directory"