>> TAG: #0day

Ubee EVW3226 Modem/Router 1.0.20 – Multiple Vulnerabilities

Cryptshare 3.10.1.2 – Stored XSS

PHP 7.0.8, 5.6.23 and 5.5.37 – bzread() Out-of-Bounds Write

CodoForum 3.2.1 – SQL Injection

Apache 2.4.7 & PHP <= 7.0.2 – openssl_seal() Uninitialized Memory Code Execution

mail.local(8) (NetBSD) – Local Root Exploit (NetBSD-SA2016-006)

Novel contributions to the field – How I broke MySQL’s codebase

Linux/x86-64 – Subtle Probing Reverse Shell, Timer, Burst, Password, Multi-Terminal (84, 122, 172 bytes)

TFTP Server 1.4 – WRQ Buffer Overflow Exploit (Egghunter)

TeamPass Passwords Management System 2.1.26 – Arbitrary File Download