CVE-2008-5144
nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file...
CVE-2008-4832
CVE-2008-4832 affects rc.sysinit in initscripts (versions 8.12-8.21 and 8.56.15-0.1 on rPath). The vulnerability stems from a race condition tied to an improper fix for CVE-2008-3524, enabling local users to delete arbitrary files via a symlink attack on a directory under /var/lock or /var/run. E...
sudo-local.txt
!/bin/sh Sudo "Defaults setenv" so environ vars are preserved : program.c include include include void init if !geteuid unsetenv"LDPRELOAD"; setgid0; setuid0; execl"/bin/sh","sh","-c","chown 0:0 /tmp/xxxx; /bin/chmod +xs /tmp/xxxx",NULL; EOF cat xxxx.c EOF int mainvoid setgid0; setuid0; //...
Linux Kernel 2.6.22 - ftruncate()open() Local Privilege Escalation
Linux Kernel 2.6.22 - ftruncateopen Local Privilege Escalation / gw-ftrex.c: Linux kernel bug information: http://osvdb.org/49081 !!!This is for educational purposes only!!! To use it, you've got to find a sgid directory you've got permissions to write into obviously world-writable, e.g: find /...
MS Win2003 Token Kidnapping Local Exploit PoC-vulnerability warning-the black bar safety net
Neeao: it is said that many people have already used this to escalate privileges successfully. From: It has been a long time since Token Kidnapping presentation was published so I decided to release a PoC exploit for Win2k3 that allows to execute code under SYSTEM account. Basically if you can run code...
K9 Web Protection Authentication Bypass Vulnerability
BUGTRAQ ID: 31584 CNCAN ID: CNCAN-2008100704 K9 Web Protection is a content-filtering solution used on desktop computers that lets users control which Internet content can be accessed. K9 Web Protection has an authentication bypass issue; a local attacker can exploit the vulnerability to gain unauthorized access to the affected application. Blue Coat K9 Web Protection V4.0.230 Beta contains a vulnerability that allows any user to bypass the local administration interface located at http://127.0.0.1:2372. Simply disabling JavaScript allows access to the application without a password. Blue Coat Systems K9 We...
MS Windows 2003 Token Kidnapping Local Exploit PoC
Exploit for unknown platform in category local exploits ================================================== MS Windows 2003 Token Kidnapping Local Exploit PoC ================================================== From http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html It h...
kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option
The sctpauthepsethmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTPAUTHHMACIDMAX, which...
Chat Anywhere 2.72a Local Password Disclosure Exploit
No description provided by source. / Chat Anywhere 2.72a Local Exploit by Kozan Application: Chat Anywhere 2.72a Vendor:LionMax Software http://www.lionmax.com/ Vulnerable Description: Chat Anywhere 2.72a discloses passwords to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web :...
CVE-2008-3911
The CVE-2008-3911 issue affects the Linux kernel 2.6.26.3, specifically the proc_do_xprt function in net/sunrpc/sysctl.c, which does not validate the length of a user-supplied buffer when reading /proc/sys/sunrpc/transports. This can allow local users to overflow a stack-based buffer and cause un...
acoustica-overflow.txt
!/usr/bin/perl Acoustica Mixcraft mx4 file Local Buffer Overflow Exploit Author: Koshi Date: 08-28-08 0day Application: Acoustica Mixcraft Versions: Possibly Older / 4.1 Build 96 / 4.2 Build 98 Site: http://acoustica.com/mixcraft/download.htm Tested On: Windows XP SP3 Fully Patched A vulnerabilit...
EO Video 1.36 Local Heap Overflow DOS / PoC
No description provided by source. !/usr/bin/python -------------------------------------------------------------- EO Video v1.36 Heap Overflow local PoC/DoS exploit .eop playlist file in Name buffer overflow Other versions may be vulnerable too...
GetDataBack Data Recovery 2.31 Local Exploit
No description provided by source. / GetDataBack for NTFS v2.31 Local Exploit by Kozan Application: GetDataBack for NTFS v2.31 Vendor: www.runtime.org - Runtime Software Vulnerable Description: GetDataBack for NTFS v2.31 discloses license information (username and key) to local users. Discovered ...
RealPlayer 10 ".smil" File Local Buffer Overflow Exploit
No description provided by source. / RealPlayer .smil file buffer overflow Coded by nolimit@CiSO & Buzzdee greets to COREiSO & news & flare & class101 & ESI & RVL & everyone else I forget This uses a seh overwrite method, which takes advantage of the SEH being placed in multiple locations over th...
P2P Share Spy 2.2 Local Password Disclosure Exploit
No description provided by source. / P2P Share Spy 2.2 Local Exploit by Kozan Application: P2P Share Spy 2.2 Vendor: Rebrand Software - www.rebrandsoftware.com Vulnerable Description: P2P Share Spy 2.2 discloses passwords to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web :...
Mac OS X <= 10.3.8 (CF_CHARSET_PATH) Local Root Buffer Overflow
No description provided by source. / MacOS XCFCHARSETPATH: local root exploit. by: [email protected] fakehalo/realhalo found by: iDefense anon finder saw the advisory on bugtraq and figured i'd slap this together, so simple i had to. exploits via the /usr/bin/su binary. you must press ENTER at the...
Aeon 0.2a Local Linux Exploit (perl code)
No description provided by source. !/usr/bin/perl Aeon-mail relay agent for Linux written by lammat just for practice purposes tested against aeon-0.2a http://grpower.ath.cx [email protected] execve/bin/sh for linux x86 29 bytes by Matias Sedalo $shellcode =...
OpenBSD (ibcs2_exec) Kernel Local Exploit
No description provided by source. // // Patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005exec.patch // include sys/types.h include sys/stat.h include fcntl.h include stdio.h / $OpenBSD: ibcs2exec.h,v 1.3 2002/03/14 01:26:50 millert Exp $ / / $NetBSD: ibcs2exec.h,v 1.4 1995/03/14...
SuSE linux 9.0 YaST config Skribt Local Exploit
No description provided by source. include stdio.h include unistd.h include string.h define PATH "/tmp/tmp.SuSEconfig.gnome-filesystem." define START 1 define END 33000 int mainint argc, char argv int i; char buf150; printf"\tSuSE 9.0 YaST script SuSEconfig.gnome-filesystem exploit\n";...
Linux Kernel 2.4.22 "do_brk()" local Root Exploit (PoC)
No description provided by source. ; Christophe Devine devine at cr0.net and Julien Tinnes julien at cr0.org ; ; This exploit uses sysbrk directly to expand his break and doesn't rely ; on the ELF loader to do it. ; ; To bypass a check in sysbrk against available memory, we use a high ; virtual...