MySQL / MariaDB / PerconaDB – Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.