Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in “/framework/modules/help/controllers/helpController.php” affecting the version parameter. Impact is Information Disclosure.
Monthly Archives: November 2016
CVE-2016-9136 (mujs)
Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the “crafted JavaScript” approach, related to a “Buffer Over-read” issue.
Non-Stop: The Number of Users Attacked with Encrypting Ransomware Grew 2.6 Times in Q3 2016
Kaspersky Lab today announced the results of its quarterly IT threat evolution report, which found the number of Internet users that encountered encrypting ransomware more than doubled in Q3 2016, reaching 821,865 people.
Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)
Over a month ago we reported about two critical zero-day vulnerabilities in the world’s 2nd most popular database management software MySQL:
MySQL Remote Root Code Execution (CVE-2016-6662)
Privilege Escalation (CVE-2016-6663)
At that time, Polish security researcher Dawid Golunski of Legal Hackers, who discovered these vulnerabilities, published technical details and proof-of-concept exploit
Bugtraq: Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
Bugtraq: Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
Bugtraq: [security bulletin] HPSBUX03664 SSRT110248 rev.1 – HP-UX BIND Service running named, Remote Denial of Service (DoS)
[security bulletin] HPSBUX03664 SSRT110248 rev.1 – HP-UX BIND Service running named, Remote Denial of Service (DoS)
RHSA-2016:2142-1: Important: bind97 security update
Red Hat Enterprise Linux: An update for bind97 is now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
CVE-2016-8864
RHSA-2016:2141-1: Important: bind security update
Red Hat Enterprise Linux: An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
CVE-2016-8864
RHSA-2016:2138-1: Critical: java-1.7.0-ibm security update
Red Hat Enterprise Linux: An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597