
1620 matches found

Packet Storm
added 2017/02/02 12:0 a.m. | 320 views

WordPress 4.7.0 / 4.7.1 Content Injection / Code Execution

Exploit Title: WP Content Injection Shell Exploit Date: 31 Jan' 2017 Exploit Author: Harsh Jaiswal Vendor Homepage: http://wordpress.org Version: Wordpress 4.7 - 4.7.1 Patched in 4.7.2 Tested on: Bacbox ubuntu Linux Based on:...

Exploits: 0

OpenVAS
added 2017/02/01 12:0 a.m. | 15 views

EMC Data Domain OS Local Command Injection Vulnerability (ESA-2016-160)

EMC Data Domain OS is prone to a local command injection vulnerability.

CVSS 7.2 | AI score 6.5 | EPSS 0.00812
Exploits: 0 | References: 2

Packet Storm
added 2017/01/31 12:0 a.m. | 111 views

Sophos Web Appliance 4.2.1.3 Remote Command Injection

Critical Start security expert Russell Sanford discovered and reported two critical zero-day vulnerabilities in the Sophos Web Appliance in December of 2016. The vulnerabilities, documented under CVE-2016-9553, allow the remote compromise of the appliance's underlying Linux subsystem. The...

AI score 0.5 | EPSS 0.19312
Exploits: 6

OSV
added 2017/01/30 4:59 a.m. | 2 views

CVE-2016-10178

An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 UDP launches the "/sbin/telnetd -l /bin/sh" command...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

CVE
added 2017/01/28 12:38 p.m. | 58 views

CVE-2016-9554

CVE-2016-9554 affects Sophos Web Appliance (Secure Web Gateway) before version 4.3.1. The vulnerability exists in the web admin interface via MgrDiagnosticTools.php, where diagnostic tests invoke wget and pass user-controlled input in the url parameter to executeCommand, which calls exec() withou...

CVSS 9 | AI score 7.5 | EPSS 0.24445
Exploits: 5 | References: 3 | Affected Software: 1

RedHat Linux
added 2017/01/24 11:45 a.m. | 4 views

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

CVSS 7 | AI score 6.7 | EPSS 0.04313
Exploits: 17 | References: 5

RedHat Linux
added 2017/01/24 11:45 a.m. | 4 views

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

CVSS 7 | AI score 6.7 | EPSS 0.04313
Exploits: 17 | References: 5

NVD
added 2017/01/23 9:59 p.m. | 22 views

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVSS 7.2 | AI score 6.7 | EPSS 0.00709
Exploits: 5 | References: 7

OSV
added 2017/01/23 9:59 p.m. | 17 views

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVSS 6.8 | AI score 7 | EPSS 0.00709
Exploits: 5 | References: 7

OSV
added 2017/01/23 9:59 p.m. | 2 views

DEBIAN-CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVSS 6.8 | AI score 7.1 | EPSS 0.00709
Exploits: 5 | References: 1

UbuntuCve
added 2017/01/23 9:59 p.m. | 24 views

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVSS 7.2 | AI score 6.9 | EPSS 0.00709
Exploits: 5 | References: 1

CVE
added 2017/01/23 9:0 p.m. | 73 views

CVE-2016-4484

CVE-2016-4484 affects the Debian cryptsetup initrd script (versions up to 2:1.7.3-2). The root cause is that the initrd script allows physically proximate attackers to gain shell access after many login attempts with invalid passwords. The issue provides a high impact on confidentiality, integrit...

CVSS 7.2 | AI score 6.6 | EPSS 0.00709
Exploits: 5 | References: 7 | Affected Software: 1

Cvelist
added 2017/01/23 9:0 p.m. | 23 views

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

AI score 6.7 | EPSS 0.00709
Exploits: 5 | References: 7

Debian CVE
added 2017/01/23 9:0 p.m. | 20 views

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVSS 7.2 | AI score 6.8 | EPSS 0.00709
Exploits: 5

Positive Technologies
added 2017/01/01 12:0 a.m. | 2 views

PT-2017-19481

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programmi...

CVSS 9.8 | AI score 6.6 | EPSS 0.00602
Exploits: 1 | References: 5

RedHat Linux
added 2016/12/08 4:6 p.m. | 4 views

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

AI score 6.7
Exploits: 16 | References: 5

RedHat Linux
added 2016/12/08 4:6 p.m. | 5 views

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

CVSS 7 | AI score 6.7 | EPSS 0.04313
Exploits: 17 | References: 5

RedHat Linux
added 2016/12/08 4:5 p.m. | 8 views

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

CVSS 7 | AI score 6.7 | EPSS 0.04313
Exploits: 17 | References: 5

RedHat Linux
added 2016/12/08 4:5 p.m. | 4 views

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

AI score 6.7
Exploits: 16 | References: 5

OpenVAS
added 2016/11/30 12:0 a.m. | 55 views

Dell iDRAC7 and iDRAC8 Devices Code Injection Vulnerability (Nov 2016)

Dell iDRAC7 and iDRAC8 devices allow authenticated users to gain Bash shell access through a string injection.

CVSS 9 | AI score 8.9 | EPSS 0.01757
Exploits: 0 | References: 2