146 matches found
Integer overflow
Integer signedness error in the ipsetsrcfilter function in the IP Multicast Filter in uts/common/inet/ip/ipmulti.c in the kernel in Sun Solaris 10 and OpenSolaris before snv92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large val...
Server side request forgery (ssrf)
Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request...
CVE-2008-1932
Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request...
CVE-2008-1931
Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request...
Integer overflow
Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request...
CVE-2008-1931
The CVE-2008-1931 issue affects Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys on Windows Vista. A crafted IOCTL request lets a local user create, write, and read registry keys, indicating a local privilege escalation vulnerability. The root cause is improper handling of IOCTLs by t...
CVE-2008-1932
CVE-2008-1932 affects Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys on Windows Vista. The root cause is an integer overflow triggered by a crafted IOCTL request, enabling a local user to execute arbitrary code . The vulnerability is described as a local privilege escalation in mult...
CVE-2008-1931
Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request...
CVE-2008-1932
Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request...
CVE-2008-1471
The CVE-2008-1471 issue affects Panda Security products using the cpoint.sys kernel driver (Panda Internet Security 2008 and Antivirus+ Firewall 2008). A crafted IOCTL request can trigger an out-of-bounds write in kernel memory, enabling a local attacker to cause a denial of service (system crash...
SafeGuard PrivateDisk 2.02.3 - privatediskm.sys Multiple Local Security Bypass Vulnerabilities
SafeGuard PrivateDisk 2.02.3 - privatediskm.sys Multiple Local Security Bypass Vulnerabilities // source: https://www.securityfocus.com/bid/45749/info SafeGuard PrivateDisk is prone to multiple local security-bypass vulnerabilities. Attackers with physical access to a computer with the affected...
Design/Logic Flaw
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRVIOCTL IOCTL request...
CVE-2007-4686
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service system shutdown or gain privileges via a crafted TIOCSETD ioctl request...
Stack overflow
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table...
CVE-2007-4267
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table...
CVE-2007-4267
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table...
CVE-2007-4267
Apple Mac OS X 10.4–10.4.10 (and Mac OS X Server 10.4–10.4.10) contain a stack-based kernel overflow in the AppleTalk networking path. The vulnerability arises when an IOCTL adds an AppleTalk zone to a routing table, allowing a local attacker to cause arbitrary code execution with kernel privileg...
WinPcap NPF.SYS bpf_filter_init函数本地权限提升漏洞
BUGTRAQ ID: 26409 CVECAN ID: CVE-2007-5756 WinPcap是WIN32平台上的网络分析和捕获数据包的链接库。 WinPcap的NPF.SYS设备驱动中的bpffilterinit函数存在无效的数组索引漏洞,这个函数的几处调用未经正确的边界检查便将用户所提供的输入值用作了数组索引。如果用特定的值执行了IOCTL请求,攻击者就可以破坏内核中的栈或池内存,导致执行任意指令。 通常在管理员使用WinPcap相关应用程序时会加载设备驱动,加载后正常用户都可以访问,使用这个驱动的程序退出后也不会卸载这个驱动,因此在手动卸载之前仍可利用。 WinPcap...
KLA10395 LPE vulnerability in WinPcap
Array index errors were found in WinPcap. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally via a specially designed IOCTL request. Original advisories WinPcap changelog Related products WinPcap CVE list CVE-2007-5756 high Solution...
Memory corruption
vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet Irp in a METHODNEITHER 1 IOCTL 0x8400000F or 2 IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations...