4067 matches found

0day.today
added 2017/01/03 12:0 a.m. · 25 views

QNAP NAS Devices - Heap Overflow Exploit

Exploit for linux platform in category dos / poc ================== 1 Heap overflow ================== Path: /home/httpd/cgi-bin/cgi.cgi u = valid user guest|admin 1.1 / Remote / Remote host echo -en "GET /cgi-bin/cgi.cgi?u=admin&p=fori=0;i263;i++;do echo -en "A";done HTTP/1.0\nHost: QNAP\n\n" |...

7 AI score
Exploits 0
exploitpack
added 2017/01/02 12:0 a.m. · 12 views

QNAP NAS Devices - Heap Overflow

QNAP NAS Devices - Heap Overflow ================== 1 Heap overflow ================== Path: /home/httpd/cgi-bin/cgi.cgi u = valid user guest|admin 1.1 / Remote / Remote host echo -en "GET /cgi-bin/cgi.cgi?u=admin&p=fori=0;i263;i++;do echo -en "A";done HTTP/1.0\nHost: QNAP\n\n" | ncat --ssl...

0.6 AI score
Exploits 0
Positive Technologies
added 2016/12/19 12:0 a.m. · 2 views

PT-2017-7769 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.8.15 Description: The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This can be achieved by using an AF_ALG socket with an incompatible...

10 CVSS · 7.2 AI score · 0.24299 EPSS
Exploits 83 · References 285
CNVD
added 2016/12/13 12:0 a.m. · 2 views

Google Android NVIDIA Camera Driver Denial of Service Vulnerability

Android on Pixel C is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA) for the Pixel C. The NVIDIA Camera Driver is one of the camera drivers used. A denial of service vulnerability exists in the NVIDIA Camera Driver in Android on Pixel C...

7.1 CVSS · 6.4 AI score · 0.0078 EPSS
Exploits 0 · References 1
OSV
added 2016/11/25 4:59 p.m. · 4 views

CVE-2016-6742

An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process...

7.8 CVSS · 7.5 AI score · 0.00724 EPSS
Exploits 0 · References 2
OSV
added 2016/11/25 4:59 p.m. · 2 views

CVE-2016-6732

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

7.3 CVSS · 7.6 AI score · 0.00666 EPSS
Exploits 0 · References 2
OSV
added 2016/11/25 4:59 p.m. · 4 views

CVE-2016-6724

A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderat...

5.5 CVSS · 7.3 AI score
Exploits 0 · References 2
OSV
added 2016/11/25 4:59 p.m. · 2 views

UBUNTU-CVE-2016-6743

An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process...

7.8 CVSS · 7.6 AI score · 0.00649 EPSS
Exploits 0 · References 3
Prion
added 2016/11/25 4:59 p.m. · 16 views

Privilege escalation

An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise,...

9.3 CVSS · 7.2 AI score · 0.0123 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2016/11/25 4:59 p.m. · 3 views

UBUNTU-CVE-2016-6739

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Androi...

7.8 CVSS · 7.5 AI score · 0.00649 EPSS
Exploits 0 · References 3
OSV
added 2016/11/10 6:59 a.m. · 3 views

CVE-2016-3338

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted...

7.8 CVSS · 5.8 AI score · 0.06767 EPSS
Exploits 0 · References 3
CNVD
added 2016/11/10 12:0 a.m. · 4 views

Google Android AOSP Launcher Local Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), of which AOSP Launcher is a system desktop software. A local elevation of privilege vulnerability exists in AOSP Launcher in Android 7.0. An attacker can exploit this vulnerabilit...

5.5 CVSS · 7 AI score · 0.00342 EPSS
Exploits 0 · References 1
0day.today
added 2016/11/04 12:0 a.m. · 130 views

ZyXEL DEL1201-T10A Authorization Bypass Vulnerability

ZyXEL DEL1201-T10A Modem Default Password is : admin In Really If Network Administrator Change The Default Password To Any , We Can't Access To Modem Settings . Because We Don't Know New Password . But Authorization Bypass Access We To Change Modem Settings ! Document Title: =============== ZyX...

7.1 AI score
Exploits 0
RedHat Linux
added 2016/11/03 8:8 a.m. · 4 views

kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()

A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature...

4.7 CVSS · 7.1 AI score · 0.00479 EPSS
Exploits 0 · References 4
0day.today
added 2016/11/03 12:0 a.m. · 162 views

Linux Kernel (Ubuntu / Fedora / Redhat) - 'Overlayfs' Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'Overlayfs Privilege Escalation', 'Description' = %q This module attempts ...

7.2 CVSS · 0.5 AI score · 0.37679 EPSS
Exploits 29
0day.today
added 2016/10/22 12:0 a.m. · 335 views

DirtyCow Local Root Proof Of Concept Exploit

Exploit for linux platform in category local exploits / uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of binary: 57048 Racing, this may take a while.. /usr/bin/passwd...

7.2 CVSS · 8 AI score · 0.83524 EPSS
Exploits 81
OSV
added 2016/10/21 3:57 p.m. · 12 views

SUSE-SU-2016:2593-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to fix two issues. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). This non-security bug was fixed: - sched/core: Fix a race between try_to_wake_up an...

7.2 CVSS · 7.4 AI score · 0.83524 EPSS
Exploits 81 · References 10
CNVD
added 2016/10/20 12:0 a.m. · 3 views

Oracle Sun Systems Products Suite Solaris Component Local Denial of Service Vulnerability

Oracle Solaris is a set of Unix-like operating systems from Oracle. A local denial of service vulnerability exists in the Filesystem subcomponent of the Oracle Solaris component of the Oracle Sun Systems Products Suite, versions 10 and 11.3. An attacker could exploit this vulnerability to cause a...

5 CVSS · 6.5 AI score · 0.004 EPSS
Exploits 0 · References 1
OSV
added 2016/10/11 5:11 a.m. · 7 views

USN-3098-1 linux vulnerabilities

Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a...

7.8 CVSS · 6.6 AI score · 0.07613 EPSS
Exploits 5 · References 5
CVE
added 2016/09/25 10:0 a.m. · 54 views

CVE-2016-4709

CVE-2016-4709 is a local privilege-escalation vulnerability in WindowServer on Apple OS X/macOS prior to 10.12. The root cause is a type-confusion issue in CoreGraphics handling that allows a local attacker to obtain root privileges. Connected advisories (ZDI-16-608/16-609) describe the same Wind...

7.8 CVSS · 6.7 AI score · 0.00472 EPSS
Exploits 0 · References 5 · Affected Software 1