Monthly Archives: April 2016
Gemtek CPE7000 WLTCS-106 Authentication Bypass / Code Execution
Gemtek CPE7000 WLTCS-106 suffers from authentication bypass and remote code execution vulnerabilities.
Linux/x86 Bind Shell Shellcode Generator
This python script generates bind shell shellcode for Linux x64.
Microsoft Security Bulletin Revision Increment For April, 2016
This bulletin summary lists MS16-039 which has undergone a major revision increment.
CVE-2016-2299
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-2300
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
CVE-2016-2301
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-2302
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.
CVE-2016-2303
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
CVE-2016-2304
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.