X.Org xorg-x11-xfs <= 1.0.2-3.1 Local Race Condition Exploit
No description provided by source. #!/bin/sh Xorg-x11-xfs Race Condition Vuln local root exploit CVE-2007-3103 Another lame xploit by vl4dZ : works on redhat el5 and before $ id uid=1001(kecos) gid=1001(user) groups=1001(user) $ sh xfs-RaceCondition-root-exploit.sh Generate large data file in...
DESlock+ <= 3.2.6 (list) Local Kernel Memory Leak PoC
No description provided by source. / deslock-list-leak.c Copyright (c) 2008 by [email protected] DESlock+ <= 3.2.6 local kernel mem leak POC by mu-b - Fri 21 Dec 2007 - Tested on: DLMFENC.sys 1.0.0.26 kernel pool memory leak by continually allocating link list structures and never freeing them. Th...
DESlock+ <= 3.2.6 DLMFDISK.sys local kernel ring0 SYSTEM Exploit
No description provided by source. / deslock-pown-v2.c Copyright (c) 2008 by [email protected] DESlock+ <= 3.2.6 local kernel ring0 SYSTEM exploit by mu-b - Wed 26 Dec 2007 - Tested on: DLMFDISK.sys 1.2.0.27 - Microsoft Windows 2003 SP2 - Microsoft Windows XP SP2 Note: create a mountable filesyste...
Firebird Remote Memory Corruption
Advisory Information Title: Firebird Remote Memory Corruption Advisory ID: CORE-2007-1219 Advisory URL: https://www.coresecurity.com/core-labs/advisories/firebird-remote-memory-corruption Date published: 2008-01-28 Date of last update: 2008-01-24 Vendors contacted: Firebird SQL Release mode:...
Debian Security Advisory DSA 155-1 (kdelibs)
The remote host is missing an update to kdelibs announced via advisory DSA 155-1. OpenVAS Vulnerability Test $Id: deb1551.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 155-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Microsoft Visual InterDev 6.0 (SP6) .sln File Local Buffer Overflow Exploit
Exploit for unknown platform in category local exploits =========================================================================== Microsoft Visual InterDev 6.0 SP6 .sln File Local Buffer Overflow Exploit =========================================================================== usage: exploit....
Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow
usage: exploit.py FileName import sys print "------------------------------------------------------------------------" print ' Microsoft Visual InterDev 6.0 SP6 ".sln" files Local Buffer Overflow' print " author: shinnai" print " mail: shinnaiatautisticidotorg" print " site:...
Solaris SPARC / x86 Local Socket Hijack Exploit
No description provided by source. / $ An open security advisory 7 - SUN Solaris SOREUSEADDR Local Socket Hijack Bug 1: Bug Researcher: c0ntex - c0ntexbatgmail.com 2: Bug Released: July 06 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Local / Remote ...
PHP <= 4.4.0 (mysql_connect function) Local Buffer Overflow Exploit
No description provided by source. ?php / This exploit was designed to work with PHP versions 4.3.10 and 4.4.0 under Windows XP SP 1. If another operating system is used, the replacement EIP must be changed. The replacement EIP is written 261 bytes into our string. For this exploit, I used a CALL...
WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow
// source: https://www.securityfocus.com/bid/26979/info WinUAE is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute...
CVE-2007-6227
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock code_gen_buffer buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com...
CVE-2007-6227
CVE-2007-6227 affects QEMU 0.9.0, where a local user in a Windows XP SP2 guest can overwrite the TranslationBlock (code_gen_buffer) due to an overflow, with unspecified additional impacts. The issue is documented across multiple advisories (Mandriva MDVSA-2008:162; Gentoo GLSA 2014-08-17; RH Red ...
CVE-2007-3749
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of...
Sony CONNECT Player 4.x (m3u File) Local Stack Overflow Exploit
Exploit for unknown platform in category local exploits =============================================================== Sony CONNECT Player 4.x m3u File Local Stack Overflow Exploit =============================================================== #!/usr/bin/python Secunia Advisory : SA27270 Release...
Sony CONNECT Player 4.x - '.m3u' Local Stack Overflow
#!/usr/bin/python Secunia Advisory : SA27270 Release Date : 2007-10-29 Sony CONNECT Player M3U Playlist Processing Stack Buffer Overflow m3u File Local Exploit Bug discovered by Parvez Anwar Exploit Written by TaMBaRuS [email protected] Tested on: Sony CONNECT Player SonicStage 4.x installed on...
CVE-2003-1474
CVE-2003-1474 concerns the FreeBSD Ports Collection component slashem-tty, which is reported to be installed with write permissions for the games group. The provided documents state that local users with games group privileges can modify slashem-tty and execute arbitrary code as other users, leve...
jetaudio-local.txt
#!/usr/bin/python jetAudio 7.x m3u File 0day Local SEH Overwrite Exploit Bug discovered by Krystian Kloskowski h07 Tested on: jetAudio 7.0.3 Basic / 2k SP4 Polish Shellcode: Windows Execute Command calc Just for fun ; from struct import pack m3u = "EXTM3U\nhttp://%s" shellcode =...
CVE-2007-5225
CVE-2007-5225 is a Solaris local-privilege/memory-leak issue caused by an integer signedness error in fifofs (FIFO filesystems) that allows a local user to read unspecified memory via a negative value to the I_PEEK ioctl on Solaris 8–10. For Solaris 10, patches exist: 127738-01 for x86 and 12773...
CVE-2007-5201
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...
Design/Logic Flaw
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain...