Exploits released for two critical 0Day vulnerabilities on MySQL

These vulnerabilities could be exploited in shared hosting environments to gain access to all databases Some weeks ago i have reported about 2 critical 0Day vulnerabilities of MySQL (and his forks MariaDB e PerconaDB). At that time, the security researcher Dawid Golunski published only technical details and proof-of-concept exploit code for the first bug. Now…

CVE-2016-6662: a critical MySQL Zero-Day

Oracle, are you there? We need you! Dawid Golunski, a Polish security researcher discovered several security issues in the MySQL DBMS, including a vulnerability flaw (CVE-2016–6662) that can be exploited by a remote attacker to inject malicious settings into my.cnf configuration files. The vulnerability that affect all currently supported MySQL versions as well as MariaDB and…