EMC ScaleIO Local Elevation of Privilege Vulnerability

EMC ScaleIO is a software-defined solution that converts existing DAS storage to shared data block storage using the user's existing hardware or EMC servers. A local elevation of privilege vulnerability exists in EMC ScaleIO. A local attacker could exploit this vulnerability to execute arbitrary...

MySQL is now a high-risk vulnerability that can cause the server root permission is stealing-vulnerability warning-the black bar safety net

! Last week, a man named Dawid Golunski Polish hackers discovered the existence of the MySQL vulnerabilities: a remote root code execution exploit and a privilege escalation vulnerability. At the time, Golunski only provides the first vulnerability poc, but the commitment will disclose a second...

LifeSize Room 5.0.9 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware,...

FreeBSD : mysql -- Remote Root Code Execution (856b88bf-7984-11e6-81e7-d050996490d0)

Dawid Golunski reports : An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files my.cnf leading to...

MySQL <= 5.7.15 remote Root code execution vulnerability

http://legalhackers.com - dawid at legalhackers.com - Release date: 12.09.2016 I. VULNERABILITY ------------------------- MySQL = 5.7.15 Remote Root Code Execution / Privilege Escalation 0day 5.6.33 5.5.52 MySQL clones are also affected, including: MariaDB PerconaDB II. BACKGROUND...

Elevation of Privilege Vulnerability in Multiple NUUO and NetGear Products

NUUO NVRmini 2 and NVRsolo are network video recorders.NetGear ReadyNAS Surveillance is a comprehensive IP video surveillance solution that integrates video surveillance software, storage, switching, and network management.NUUO Crystal is a Linux-based enterprise VMS Virtual Memory System NUUO...

setroubleshoot: command injection issues

Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges...

samba: crash in dcesrv_auth_bind_ack due to missing error check

Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running Samba root. Thi...

Cisco Virtualization Experience Client Input Validation Elevation of Privilege Vulnerability

Cisco Virtualization Experience Client is a thin client for integrated virtualization infrastructure from Cisco USA. An input validation vulnerability in the subsystem that manages the WEB interface, included in firmware version 11.2 27.4 of the Cisco Virtualization Experience Client 6000 series,...

xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests

Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges...

ALCASAR 2.8.1 Remote Root Code Execution

!/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8.1 Remote Root Code Execution Vulnerability Author: eF Date : 2014-09-12 URL : http://www.alcasar.net/ This is not a responsible disclosure coz' I have no sense of ethics and I don't give a fck. db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b...

ALCASAR <= 2.8.1 - Remote Root Code Execution Vulnerability

Exploit for php platform in category web applications !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8.1 Remote Root Code Execution Vulnerability Author: eF Date : 2014-09-12 URL : http://www.alcasar.net/ This is not a responsible disclosure coz' I have no sense of ethics and I don't give a...

ALCASAR-Remote

By sending a specially crafted value in the "host" HTTP header, it is possible to inject the exec function in order to execute commands as Apache user. !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db...

F5 rsync daemon ConfigSync interface cmi module vulnerability

Added: 09/02/2014 CVE: CVE-2014-2927 BID: 69461 OSVDB: 110595 Background F5 BIG-IP is a suite of security, availability and acceleration products. Problem When configured to support failover, multiple BIG-IP products are vulnerable to an unauthenticated rsync access vulnerability that can be...

McAfee LinuxShield <= 1.5.1 - Local/Remote Root Code Execution

No description provided by source. !/usr/bin/perl Title: McAfee LinuxShield = 1.5.1 Local/Remote Root Exploit Name: nailsRoot.pl Author: Nikolas Sotiriu lofi lofiatsotiriu.de WARNING: This Exploit deletes the default Update Server Use it only for education or ethical pentesting! The author accept...

CFME: SSH Utility insecure tmp file creation leading to code execution as root

The 1 shellexec function in lib/util/MiqSshUtilV1.rb and 2 tempcmdfile function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name...

bcfg2 shell chatacters vulnerability

It's possible to execute code as a root...

FreeBSD 7.0-RELEASE Telnet Daemon Local Privilege Escalation Exploit

Exploit for freebsd platform in category local exploits ==================================================================== FreeBSD 7.0-RELEASE Telnet Daemon Local Privilege Escalation Exploit ==================================================================== FreeBSD 7.0-RELEASE telnet daemon...

KDE start_kdeinit privilege escalation

It's possible to execute code with root privileges or send signals to privileged processes...

FreeBSD : NVIDIA UNIX driver -- arbitrary root code execution vulnerability (a6d9da4a-5d5e-11db-8faf-000c6ec775d9)

Rapid7 reports : The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely via a remote X client or an X client which visits a malicious web page. A working...