Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability

2016-11-10 Thread Secunia Research
== Secunia Research 2016/11/10 Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability ==

CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser

2016-11-10 Thread tallison
CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser Severity: Important Vendor: The Apache Software Foundation Versions Affected: 1.6-1.13 Description: Apache Tika wraps the jmatio parser (https://github.com/gradusnikov/jmatio) to handle MATLAB files.

Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability

2016-11-10 Thread Secunia Research
== Secunia Research 2016/11/10 Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability == Table of Contents Affected

Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability

2016-11-10 Thread Secunia Research
== Secunia Research 2016/11/10 Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability == Table of Contents Affected

WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details

2016-11-10 Thread Berend-Jan Wever
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the eighth entry in that series, although this particular vulnerability does not just affect web-browsers, but all applications that use WININET to make HTTP requests.

Blind SQL Injection Vulnerability in Exponent CMS 2.4.0

2016-11-10 Thread nickyccwu
Document Title: Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 References (Source): https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4

MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details

2016-11-10 Thread Berend-Jan Wever
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the seventh entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161109001.html. There you can find a repro