IBM OmniFind - Buffer Overflow

Remote buffer overflow CVE-2010-3894 The administration interface has a login form with an username- and a passwordfield. Entering a valid username default value is »esadmin« and a very long string into the password field a buffer overflow is triggered. The function...

Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation

/ i-CAN-haz-MODHARDEN.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959 Ben Hawkes discovered an integer overflow in the Controller Area Network CAN subsystem when setting up frame content and filtering certain messages. An attacker...

FreeBSD 6.4 root shell exploit 0 day-vulnerability warning-the black bar safety net

The following code exploit the vulnerability to run in kernel-mode code if 0 FreeBSD 6.4 and below are vulnerable to race condition between pipeclose and knlistcleardel resulting in NULL pointer dereference. The following code exploits the vulnerability to run code in kernel mode, giving root she...

FreeBSD 6.4 root shell exploit 0 day-vulnerability warning-the black bar safety net

The following code exploit the vulnerability to run in kernel-mode code if 0 FreeBSD 6.4 and below are vulnerable to race condition between pipeclose and knlistcleardel resulting in NULL pointer dereference. The following code exploits the vulnerability to run code in kernel mode, giving root she...

VMSA-2010-0005:VMware products address vulnerabilities in WebAccess

VMSA-2010-0005 VMware products address vulnerabilities in WebAccess VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2010-0005 VMware Security Advisory Synopsis: VMware products address vulnerabilities in WebAccess VMware Security Advisory Issue date: 2010-03-29 VMware Security...

Sun Connection Update Manager for Solaris - Multiple Insecure Temporary File Creation Vulnerabilities

source: https://www.securityfocus.com/bid/38928/info Sun Connection Update Manager for Solaris creates temporary files in an insecure manner. An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the...

FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit

No description provided by source. if 0 FreeBSD 6.4 and below are vulnerable to race condition between pipeclose and knlistcleardel resulting in NULL pointer dereference. The following code exploits vulnerability to run code in kernel mode, giving root shell and escaping from jail. endif /...

FreeBSD 6.4 pipeclose()/knlist_cleardel() Race Condition

if 0 FreeBSD 6.4 and below are vulnerable to race condition between pipeclose and knlistcleardel resulting in NULL pointer dereference. The following code exploits vulnerability to run code in kernel mode, giving root shell and escaping from jail. endif / 29.08.2009, babcia padlina FreeBSD includ...

FreeBSD 6.4 - pipeclose()knlist_cleardel() Race Condition

FreeBSD 6.4 - pipecloseknlistcleardel Race Condition if 0 FreeBSD 6.4 and below are vulnerable to race condition between pipeclose and knlistcleardel resulting in NULL pointer dereference. The following code exploits vulnerability to run code in kernel mode, giving root shell and escaping from...

FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit

Exploit for unknown platform in category local exploits ================================================================ FreeBSD 6.4 pipeclose/knlistcleardel race condition exploit ================================================================ Title: FreeBSD 6.4 pipeclose/knlistcleardel race...

FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition

if 0 FreeBSD 6.4 and below are vulnerable to race condition between pipeclose and knlistcleardel resulting in NULL pointer dereference. The following code exploits vulnerability to run code in kernel mode, giving root shell and escaping from jail. endif / 29.08.2009, babcia padlina FreeBSD includ...

Ubuntu Package Backdoor Using Metasploit

This video demonstrates the ease with which an attacker can create a root shell on a Linux machine using a backdoor Trojan and a Metasploit payload. Via SecurityTube...

HyperVM File Permissions Local Vulnerability

No description provided by source. HyperVM is a virtualization application that runs off a host node and can provide several Virtual Private Servers. There is a previously unreported vulnerability in HyperVM/Kloxo. It was originally documented in ISSUE 14 by an anonymous author:...

FreeBSD kevent()系统调用竞争条件漏洞

BUGTRAQ ID: 36101 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD的SMP系统中的kevent系统调用存在竞争条件错误。如果本地用户生成了两个线程，其中第一个线程循环执行open和close系统调用而第二个线程循环执行kevent尝试添加无效的文件描述符，就会触发内核态的空指针引用，导致拒绝服务或运行root shell。 FreeBSD = 6.1 厂商补丁： FreeBSD ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

HyperVM - File Permissions Credential Disclosure

HyperVM is a virtualization application that runs off a host node and can provide several Virtual Private Servers. There is a previously unreported vulnerability in HyperVM/Kloxo. It was originally documented in ISSUE 14 by an anonymous author: http://www.milw0rm.com/exploits/8880 It turns out th...

HyperVM - File Permissions Credential Disclosure

HyperVM - File Permissions Credential Disclosure HyperVM is a virtualization application that runs off a host node and can provide several Virtual Private Servers. There is a previously unreported vulnerability in HyperVM/Kloxo. It was originally documented in ISSUE 14 by an anonymous author:...

FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation

FreeBSD 6.1 - kqueue Null Pointer Dereference Privilege Escalation / FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thre...

FreeBSD <= 6.1 kqueue() NULL pointer dereference

FreeBSD = 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...

FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation

/ FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...

FreeBSD 6.1 kqueue() NULL Pointer Dereference

FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...