Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
Monthly Archives: April 2016
CVE-2016-1563 (clustered_data_ontap)
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
How to Run Ubuntu on latest Windows 10 Insider Preview Build 14316
As reported last week, Microsoft will launch an ‘Anniversary Update’ for Windows 10 that will bring the Ubuntu file system, allowing you to use Bash to run command-line Linux applications without a virtual machine.
However, you do not have to wait until this summer to run Bash (Bourne Again Shell) on your Windows 10 OS, as Microsoft has released the first preview build of the Windows 10
Perli v2.6 iOS – Filter Bypass & Persistent Vulnerability
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Perli v2.6 iOS – Filter Bypass & Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1813
Release Date:
=============
2016-04-05
Vulnerability Laboratory ID (VL-ID):
====================================
1813
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:…
Eight Webcom CMS (2016 Q2) – SQL Injection Vulnerability
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Eight Webcom CMS (2016 Q2) – SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1811
Release Date:
=============
2016-04-05
Vulnerability Laboratory ID (VL-ID):
====================================
1811
Common Vulnerability Scoring System:
====================================
7.1
Product & Service Introduction:…
Quicksilver HQ VoHo Concept4E CMS v1.0 – Multiple SQL Injection Web Vulnerabilities
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Quicksilver HQ VoHo Concept4E CMS v1.0 – Multiple SQL Injection Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1816
Release Date:
=============
2016-04-06
Vulnerability Laboratory ID (VL-ID):
====================================
1816
Common Vulnerability Scoring System:
====================================
7.4
Product & Service…
Virtual Freer v1.58 – Client Side Cross Site Scripting Vulnerability
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Virtual Freer v1.58 – Client Side Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1812
Release Date:
=============
2016-04-06
Vulnerability Laboratory ID (VL-ID):
====================================
1812
Common Vulnerability Scoring System:
====================================
3.2
Product & Service Introduction:…
Techsoft WS CMS (2016 Q2) – SQL Injection Web Vulnerability
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Techsoft WS CMS (2016 Q2) – SQL Injection Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1810
Release Date:
=============
2016-04-04
Vulnerability Laboratory ID (VL-ID):
====================================
1810
Common Vulnerability Scoring System:
====================================
7.2
Product & Service Introduction:…
'Hacking Team' Loses License to Sell Surveillance Malware Outside Europe
Hacking Team – the infamous Italy-based spyware company that had more than 400 GB of its confidential data stolen last year – is facing more trouble.
This time not from other hackers, but from its own government.
Hacking Team is infamous for selling surveillance spyware to governments and intelligence agencies worldwide, but now it may not be allowed to do so, as the Italian export
MS13-082 – Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution – Version: 1.2
Severity Rating: Critical
Revision Note: V1.2 (April 7, 2016): Corrected download links for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows 2008 R2. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.
