EUVD-2016-1339

Malware in sbrugna...

EUVD-2025-21940

Malicious code in bioql PyPI...

systemd security and bug fix update

239-74.0.4.2 - Fix CVE-2023-26604 - pager: set whenver we invoke a pager [email protected] 2175624 - pager: make pager secure when under euid is changed or explicitly requested [email protected] 2175624 - pager: lets check SYSTEMDPAGERSECURE with securegetenv...

CVE-2017-5940

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private optio...

Apple macOS 10.12 - task_t Local Privilege Escalation

Apple macOS 10.12 - taskt Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very...

Apple macOS 10.12 - 'task_t' Local Privilege Escalation

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very exploitable bugs as a result. taskt is just a typedef...

Race you to the kernel!

Posted by Ian Beer of Google Project Zero The OS X and iOS kernel code responsible for loading a setuid root binary invalidates the old task port after first swapping the new virtual memory map pointer into the old task object, leaving a short race window where you can manipulate the memory of an...

Gentoo Security Advisory GLSA 201406-27

Gentoo Linux Local Security Checks GLSA 201406-27 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation

Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same time. By connecting two proxy objects to an...

Oracle Internet Directory 2.0.6 oidldap Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1828/info Oracle Internet Directory 2.0.6 is a pre-alpha development release, available as both an addon package and in the Oracle Database Software release 8.1.6. A vulnerability has been found in the oidldap binary with...

HP-UX 9.x/10.x/11.x cu Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1886/info cu is a unix utility that is used for communication between two hosts usually over phone lines. It is typically isntalled setuid root so that it can access communications hardware when executed by a regular user...

Linux x86 - execve("/bin/bash","-p",NULL) - 33 bytes

No description provided by source. / Title: Linux x86 - execve/bin/bash, /bin/bash, -p, NULL - 33 bytes Author: Jonathan Salwan Mail: [email protected] Web: http://www.shell-storm.org !Database of Shellcodes http://www.shell-storm.org/shellcode/ sh sets euid, egid to uid, gid if -p not...

polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation

Background polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes. Description polkit has a race condition which potentially allows a process to change its UID/EUID via suid or pkexec before authentication is completed. Impact A local...

QNX 6.5.0 x86 phfont - Local root Exploit

Exploit for QNX platform in category local exploits / QNX 6.5.0 x86 phfont local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/phfont on QNX is prone to a buffer overflow. The vulnerability is due to insufficent bounds checking of the PHOTONHOME environmen...

QNX 6.5.0 x86 io-graphics - Local root Exploit

Exploit for QNX platform in category local exploits / QNX 6.5.0 x86 io-graphics local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/io-graphics on QNX is prone to a buffer overflow. The vulnerability is due to insufficent bounds checking of the PHOTON2HOME...

GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation

Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to...

Linux Kernel z90crypt驱动本地权限提升漏洞

CVE ID: CVE-2009-1883 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的z90crypt驱动中的z90cryptunlockedioctl函数没有对Z90QUIESCE操作执行权限检查，这可能允许拥有有效用户ID（euid）为0的本地用户绕过预期的功能限制，执行非授权操作。 Linux kernel 2.6.9 厂商补丁： RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2009:1438-01）以及相应补丁: RHSA-2009:1438-01：Important: kernel...

Design/Logic Flaw

The z90cryptunlockedioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage...

FreeBSD 6x/7 protosw kernel Local Privledge Escalation Exploit

No description provided by source. / This is a quick and very dirty exploit for the FreeBSD protosw vulnerability defined here: http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc This will overwrite your credential structure in the kernel. This will affect more than just the...

Oracle (oidldapd connect) Local Command Line Overflow Exploit

No description provided by source. / Exploit Code for oidldapd in Oracle 8.1.6 8ir2 for Linux. I tested in RH 6.2 and 6.1. This code is a bullshit i know please no comments about ;-. If someone exports this to Sparc please tell me. synopsis: buffer overflow in oidldapd...