4067 matches found
KLA10480 Security bypass in Linux Kernel
Race condition was found in Linux Kernel. By exploiting this vulnerability malicious users bypass security restrictions. This vulnerability can be exploited locally via manipulating with handlebytes value. Original advisories - Related products Linux-Kernel CVE list CVE-2015-1420 warning Solution...
Crystal Player 1.99 - Memory Corruption
Crystal Player 1.99 - Memory Corruption Document Title: =============== Crystal Player 1.99 - Memory Corruption Vulnerability Date: ============= 21/01/2015 Vendor Homepage: ================ http://www.crystalreality.com/ Abstract Advisory Information: ============================== Memory...
CVE-2014-1425
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors...
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability
Document Title: =============== ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1387 Release Date: ============= 2014-12-24 Vulnerability Laboratory ID VL-ID: ===================================...
kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility
A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a SS stack segment fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system...
Important: Red Hat Security Advisory: libXfont security update
Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
ObjectInputStream deserializable
In Android 5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. That issue was fixed in Android 5.0. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-privat...
OpenBSD 5.5 Local Kernel Panic Exploit
OpenBSD versions 5.5 and below local kernel panic proof of concept exploit for i386...
Linux PolicyKit Race Condition Privilege Escalation Exploit
A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to...
Linux PolicyKit Race Condition Privilege Escalation
A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to...
Immunity Canvas: OSX_PARSEKEYMAPPING
Name| osxparsekeymapping ---|--- CVE| CVE-2014-4404 Exploit Pack| CANVAS Description| IOHIKeyboardMapper::parseKeyMapping local privilege escalation Notes| CVE Name: CVE-2014-4404 VENDOR: Apple Notes: Tested on: - 10.9 - 10.9.1 - 10.9.2 - 10.9.3 - 10.9.4 - 10.9.5 Repeatability: Multiple Times...
Advantech WebAccess Vulnerabilities
Advisory ID Internal CORE-2014-0005 1. Advisory Information Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL:http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted:...
AIMP2 Audio Converter <= 2.53b330 (.pls/.m3u) Unicode Crash PoC
No description provided by source. !/usr/bin/python AIMP2 Audio Converter = 2.53 build 330 .pls/.m3u Unicode local crash PoC Found & exploited by: mrme Download: ftp://www.catode.ru/AIMP/aimp2.51.330.zip Tested on: Wind0ws XP SP3 Unicode overflow, maybe someone with better skills can exploit this...
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (2)
No description provided by source. !/user/bin/perl Destiny Media Player 1.61 Local BoF Code Exploit Coded by : sCORPINo Snoop Security Researching Committe originally discovered by: Encrypt3d.M!nd windows/exec - 142 bytes http://www.metasploit.com Encoder: x86/fnstenvmov EXITFUNC=thread, CMD=calc...
FireFly 1.0 - Local Proxy Password Disclosure Exploit
No description provided by source. / FireFly v1.0 Local Exploit by Kozan Application: FireFly v1.0 Vendor: NetCruiser Software - www.netcruiser-software.com Vulnerable Description: FireFly v1.0 discloses proxy passwords to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web :...
QNX 6.4.x/6.5.x ifwatchd - Local root Exploit
No description provided by source. !/bin/sh QNX 6.4.x/6.5.x ifwatchd local root exploit by cenobyte 2013 [email protected] - vulnerability description: Setuid root ifwatchd watches for addresses added to or deleted from network interfaces and calls up/down scripts for them. Any user can...
htpasswd Apache 1.3.31 - Local Exploit
No description provided by source. !/usr/bin/perl Proof Of Concept exploit for htpasswd of Apache. Read the advisory for more information. - Luiz Fernando Camargo - foxtrotatflowsecurity.org $shellcode = \x31\xdb\x6a\x17\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68...
rsync <= 2.5.7 - Local stack overflow Root Exploit
No description provided by source. / rsync = 2.5.7 Local Exploit Saved EIP on stack is overwritten with address of shellcode in memory Generally rsync is not setuid or setgid so just a local shell is of no use So i used a portbinding shellcode as a PoC of a different attack vector. RET is...
Vixie Cron crontab 3.0 Privilege Lowering Failure Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2687/info Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times. When a parsing error occurs after a modification operation, crontab will fail to drop...
BitchX <= 1.0c20 Local Buffer Overflow Exploit
No description provided by source. / Tested on BitchX-1.0c19 /str0ke / / P.o.C Exploit Code for BitchX made for Version BitchX-1.0c20cvs -- Date 20020325 C 2004. GroundZero Security Research and Software Development http://www.groundzero-security.com released under the GNU GPL -...