Exponent CMS 2.3.9 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400...
Exponent CMS 2.3.9 - Blind SQL Injection
============================================= MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400 ============================================= I...
ExponentCMS SQL Injection Vulnerability (CNVD-2016-08089)
Exponent CMS is a free, open source, modular PHP-based content management system. Exponent CMS suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
Exponent CMS 2.3.9 Blind SQL Injection
============================================= MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400 ============================================= I...
Exponent CMS Directory Traversal Vulnerability
OIC Exponent CMS is a free, open source, modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A directory traversal...
OIC Exponent CMS Arbitrary File Upload Vulnerability
OIC Exponent CMS is a free, open source, modular PHP-based content management system (CMS) from the OIC Group of companies in the United States. An arbitrary file upload vulnerability exists in OIC Exponent CMS version 2.3.8 and below, which can be exploited by attackers to upload backdoor files...
Aruba Networks / Alcatel-Lucent Private Key Disclosure
This advisory is accompanied by a blog post regarding a recap on our published "House of Keys" research study on the re-use of cryptographic secrets from 11/2015. For further information also see http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html SEC Consult...
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability
Document Title: =============== Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1886 Release Date: ============= 2016-07-27 Vulnerability Laboratory ID VL-ID: ====================================...
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability
Document Title: =============== Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1886 Release Date: ============= 2016-07-26 Vulnerability Laboratory ID VL-ID: ====================================...
OIC Exponent CMS Cross-Site Scripting Vulnerability
OIC Exponent CMS is a free, open source, modular PHP-based content management system (CMS) from the OIC Group of companies in the United States. A cross-site scripting vulnerability exists in OIC Exponent CMS version 2.3.5, which can be exploited by an attacker to inject arbitrary Web script or HTM...
Exponent CMS 2.3.5 Cross Site Scripting
CVE-2015-8667 - Exponent CMS 2.3.5 Multiple Cross Site Scripting Vulnerabilities Product : Exponent CMS CVE : CVE-2015-8667 Author : Sachin Wagh Affected Version : Exponent CMS 2.3.5 Fixed Version: Exponent CMS 2.3.7 ============================================================================...
Exponent CMS 2.3.5 File Upload Cross Site Scripting
CVE-2015-8684 - Exponent CMS 2.3.5 File Upload Cross Site Scripting Vulnerability Product : Exponent CMS CVE : CVE-2015-8684 Author : Sachin Wagh Affected Version : Exponent CMS 2.3.5 Fixed Version: Exponent CMS 2.3.7 ============================================================================...
OIC Exponent CMS Remote Code Execution Vulnerability
OIC Exponent CMS is a free, open source, modular PHP-based content management system. A security vulnerability exists in OIC Exponent CMS that allows remote attackers to submit a special request to execute arbitrary PHP code in the context of an affected system...
CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...
DEBIAN-CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...
Exponent 2.3.7 PHP Code Execution
Advisory ID: HTB23290 Product: Exponent Vendor: http://www.exponentcms.org/ Vulnerable Versions: 2.3.7 and probably prior Tested Version: 2.3.7 Advisory Publication: January 13, 2016 without technical details Vendor Notification: January 13, 2016 Vendor Patch: January 23, 2016 Public Disclosure:...
Exponent 2.3.7 RCE
Remote command execution vulnerability in Exponent /install/index.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Medium: python-rsa
Issue Overview: It was found that python-rsa is vulnerable to the Bleichenbacher'06 attack, allowing an attacker to fake signatures for any public key with a low exponent. CVE-2016-1494 Affected Packages: python-rsa Issue Correction: Run yum update python-rsa or yum update --advisory ALAS-2016-644 to upda...
Ubuntu: Security Advisory (USN-2883-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 15.10 : openssl vulnerability (USN-2883-1)
Antonio Sanso discovered that OpenSSL reused the same private DH exponent for the life of a server process when configured with an X9.42 style parameter file. This could allow a remote attacker to possibly discover the server's private DH exponent when being used with non-safe primes. Note that...