Exploits released for two critical 0Day vulnerabilities on MySQL

These vulnerabilities could be exploited in shared hosting environments to gain access to all databases Some weeks ago i have reported about 2 critical 0Day vulnerabilities of MySQL (and his forks MariaDB e PerconaDB). At that time, the security researcher Dawid Golunski published only technical details and proof-of-concept exploit code for the first bug. Now…

CVE-2016-6662: a critical MySQL Zero-Day

Oracle, are you there? We need you! Dawid Golunski, a Polish security researcher discovered several security issues in the MySQL DBMS, including a vulnerability flaw (CVE-2016–6662) that can be exploited by a remote attacker to inject malicious settings into my.cnf configuration files. The vulnerability that affect all currently supported MySQL versions as well as MariaDB and…

CVE-2016–1287: Cisco ASA Software IKEv1 / IKEv2 Buffer Overflow, proof of concept released

Exodus Intelligence have released the proof of concept code on their GitHub page On February, 10 2016 a vulnerability related to the Internet Key Exchange (IKE) protocol implementation of Cisco devices (CVE-2016–1287) was ufficially released. Yesterday, the researchers who found this bug, Exodus Intel, have released the proof of concept code on their GitHub page. Affected…