>> ARCHIVE: 2016-11

WordPress Olimometer plugin versions 2.56 and below suffer from a remote SQL injection vulnerability.

Linux kernel versions 2.6.22 and below 3.9 Dirty COW PTRACE_POKEDATA race condition privilege escalation exploit that provides write access.

Burden TMA version 2.1.1 suffers from a cross site scripting vulnerability.

Atbox.io suffers from an open redirection vulnerability.

AOMEI Backupper Standard version 3.5 suffers from a dll hijacking vulnerability.

Core FTP LE version 2.2 build 1883 suffers from a buffer overflow vulnerability.

ChatNow version 1.1 suffers from a remote SQL injection vulnerability.

Microsoft Windows Kernel win32k.sys NtSetWindowLongPtr privilege escalation proof of concept exploit. Leverages the issue as noted in MS16-135.

Disk Pulse Enterprise version 9.1.16 suffers from a buffer overflow vulnerability.

This exploit uses the pokemon exploit as a base and automatically generates a new passwd line. The original /etc/passwd is then backed up to /tmp/passwd.bak and overwritten with the new…