Lucene search

701 matches found

OSV
added 2017/09/08 6:29 p.m., 2 views

CVE-2016-5759

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00382
Exploits: 0, References: 2

Prion
added 2017/08/22 5:29 p.m., 17 views

Stack overflow

A network interface of the noviprocessmanagerdaemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be...

CVSS: 10, AI score: 8.1, EPSS: 0.24603
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2017/08/22 5:29 p.m., 5 views

CVE-2017-12785

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the...

CVSS: 9.8, AI score: 6.5
Exploits: 0, References: 1

NVD
added 2017/08/22 5:29 p.m., 22 views

CVE-2017-12787

A network interface of the noviprocessmanagerdaemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be...

CVSS: 10, AI score: 8.1, EPSS: 0.24603
Exploits: 0, References: 1

Cvelist
added 2017/08/22 5:0 p.m., 23 views

CVE-2017-12785

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the...

AI score: 10, EPSS: 0.15988
Exploits: 4, References: 1

CVE
added 2017/08/22 5:0 p.m., 67 views

CVE-2017-12785

The CVE-2017-12785 issue affects NoviFlow NoviWare NW400.2.6 and earlier on NoviSwitch devices. A vulnerability in the novish command-line interface allows a buffer overflow in the show log cli command, enabling a read-only (monitor) user to inject commands and gain privileged (root) code executi...

CVSS: 10, AI score: 10, EPSS: 0.15988
Exploits: 4, References: 1, Affected Software: 1

Cvelist
added 2017/08/22 5:0 p.m., 26 views

CVE-2017-12787

A network interface of the noviprocessmanagerdaemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be...

AI score: 8.5, EPSS: 0.24603
Exploits: 0, References: 1

OSV
added 2017/05/26 1:29 a.m., 4 views

CVE-2017-9034

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates...

CVSS: 9.8, AI score: 6, EPSS: 0.0598
Exploits: 3, References: 5

CNVD
added 2017/05/25 12:0 a.m., 3 views

Trend Micro ServerProtect for Linux Arbitrary File Write Vulnerability

Trend Micro ServerProtect for Linux is antivirus software from Trend Micro for Linux that blocks viruses before they reach end users, preventing them from spreading across the entire network. A security vulnerability exists in Trend Micro ServerProtect for Linux version 3.0. The...

CVSS: 10, AI score: 7.4, EPSS: 0.0598
Exploits: 3, References: 1

RedHat Linux
added 2017/05/24 9:12 a.m., 2 views

samba: Loading shared modules from any path in the system leading to RCE (SambaCry)

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root...

CVSS: 10, AI score: 8.1, EPSS: 0.99448
Exploits: 24, References: 6

OSV
added 2017/05/16 5:29 p.m., 4 views

CVE-2017-3873

A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00745
Exploits: 0, References: 3

OSV
added 2017/04/28 7:59 p.m., 2 views

CVE-2016-8586

detectedpotentialfiles.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

CVSS: 8.8, AI score: 6.1, EPSS: 0.0612
Exploits: 5, References: 2

OSV
added 2017/04/28 7:59 p.m., 2 views

CVE-2016-8590

logquerydlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

CVSS: 8.8, AI score: 6.1, EPSS: 0.05737
Exploits: 5, References: 1

OSV
added 2017/04/28 7:59 p.m., 1 views

CVE-2016-8591

logquery.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

CVSS: 8.8, AI score: 6.1, EPSS: 0.06247
Exploits: 5, References: 2

exploitpack
added 2017/04/18 12:0 a.m., 14 views

Tenable Appliance 4.5 - Root Remote Code Execution

Tenable Appliance 4.5 - Root Remote Code Execution !/bin/bash : ' According to http://static.tenable.com/proddocs/upgradeappliance.html they fixed two security vulnerabilities in the web interface in release 4.5 so I guess previous versions are also vulnerable. Exploit Title: Unauthenticated remot...

AI score: 0.3
Exploits: 0

OSV
added 2017/04/14 6:59 p.m., 3 views

CVE-2017-6554

pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACTNEWFILESENT action...

CVSS: 7.2, AI score: 6.1, EPSS: 0.42292
Exploits: 6, References: 5

OSV
added 2017/03/29 10:37 p.m., 2 views

USN-3250-1 linux vulnerability

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges...

CVSS: 7.8, AI score: 7.1, EPSS: 0.01759
Exploits: 4, References: 2

myhack58
added 2016/11/05 12:0 a.m., 668 views

High-risk MySQL vulnerability can lead to theft of server root privileges - vulnerability warning - the black bar safety net

Last week, a Polish hacker named Dawid Golunski discovered vulnerabilities in MySQL: a remote root code execution exploit and a privilege escalation vulnerability. At the time, Golunski provided a PoC only for the first vulnerability, but committed to disclosing a second...

AI score: 1.4, EPSS: 0.04313
Exploits: 18

0day.today
added 2016/11/03 12:0 a.m., 39 views

LifeSize Room 5.0.9 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware,...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2016/09/15 12:0 a.m., 58 views

FreeBSD : mysql -- Remote Root Code Execution (856b88bf-7984-11e6-81e7-d050996490d0)

Dawid Golunski reports: An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files (my.cnf) leading to...

CVSS: 10, AI score: 8.2, EPSS: 0.6773
Exploits: 16, References: 7