CVE-2017-3873

A vulnerability in the Plug-and-Play PnP subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point AP or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is...

HideMyAss Pro VPN Client 3.3.0.3 Privilege Escalation Vulnerability

HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary com.privax.hmaprovpn.helper local privilege escalation vulnerability. ------------------------------------------------------------------------ Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x f...

CVE-2016-8586

detectedpotentialfiles.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

CVE-2016-8590

logquerydlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

CVE-2016-8589

logquerydae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

CVE-2016-8585

adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...

CVE-2016-8591

logquery.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

Tenable Appliance 4.5 - Root Remote Code Execution

Tenable Appliance 4.5 - Root Remote Code Execution !/bin/bash : ' According to http://static.tenable.com/proddocs/upgradeappliance.html they fixed two security vulnerabilities in the web interface in release 4.5 so I guess previous version are also vulnerable. Exploit Title: Unauthenticated remot...

CVE-2017-6554

pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACTNEWFILESENT action...

USN-3250-1 linux vulnerability

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service system crash or execute arbitrary code with administrative privileges...

CVE-2016-6268

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory...

EMC ScaleIO Local Elevation of Privilege Vulnerability

EMC ScaleIO is a software-defined solution that converts existing DAS storage to shared data block storage using the user's existing hardware or EMC servers. A local elevation of privilege vulnerability exists in EMC ScaleIO. A local attacker could exploit this vulnerability to execute arbitrary...

MySQL is now a high-risk vulnerability that can cause the server root permission is stealing-vulnerability warning-the black bar safety net

! Last week, a man named Dawid Golunski Polish hackers discovered the existence of the MySQL vulnerabilities: a remote root code execution exploit and a privilege escalation vulnerability. At the time, Golunski only provides the first vulnerability poc, but the commitment will disclose a second...

LifeSize Room 5.0.9 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware,...

FreeBSD : mysql -- Remote Root Code Execution (856b88bf-7984-11e6-81e7-d050996490d0)

Dawid Golunski reports : An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files my.cnf leading to...

MySQL <= 5.7.15 remote Root code execution vulnerability

http://legalhackers.com - dawid at legalhackers.com - Release date: 12.09.2016 I. VULNERABILITY ------------------------- MySQL = 5.7.15 Remote Root Code Execution / Privilege Escalation 0day 5.6.33 5.5.52 MySQL clones are also affected, including: MariaDB PerconaDB II. BACKGROUND...

Elevation of Privilege Vulnerability in Multiple NUUO and NetGear Products

NUUO NVRmini 2 and NVRsolo are network video recorders.NetGear ReadyNAS Surveillance is a comprehensive IP video surveillance solution that integrates video surveillance software, storage, switching, and network management.NUUO Crystal is a Linux-based enterprise VMS Virtual Memory System NUUO...

setroubleshoot: command injection issues

Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges...

samba: crash in dcesrv_auth_bind_ack due to missing error check

Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running Samba root. Thi...

Cisco Virtualization Experience Client Input Validation Elevation of Privilege Vulnerability

Cisco Virtualization Experience Client is a thin client for integrated virtualization infrastructure from Cisco USA. An input validation vulnerability in the subsystem that manages the WEB interface, included in firmware version 11.2 27.4 of the Cisco Virtualization Experience Client 6000 series,...