
271 matches found

seebug.org
added 2014/07/01 12:00 a.m. | 88 views

Linux Kernel 2.x - sock_sendpage() Local Root Exploit (Android Edition)

No description provided by source. Source for exploiting CVE-2009-2692 on Android; Hole is closed in Android kernels released August 2009 or later. orig: http://zenthought.org/content/file/android-root-2009-08-16-source back: http://www.exploit-db.com/sploits/android-root-20090816.tar.gz...

CVSS 7.2 | AI score 6.5 | EPSS 0.17556
Exploits: 17

seebug.org
added 2014/07/01 12:00 a.m. | 7 views

G Data TotalCare 2011 0day Local Kernel Exploit

No description provided by source. / Exploit Title: G Data TotalCare 2011 0day Local Kernel Exploit Date: 2010-11-08 Author: Nikita Tarakanov CISS Research Team Software Link: http://www.gdata.de/ Version: up to date, version 21.1.0.5, MiniIcpt.sys version 1.0.8.9 Tested on: Win XP SP3 CVE :...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 41 views

Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT Leak Exploit

No description provided by source. / Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT leak: Information leak exploit for CVE-2010-4077 which leaks kernel stack space back to userland due to uninitialized struct member reserved in struct serialicounterstruc...

CVSS 1.9 | EPSS 0.00482
Exploits: 7

seebug.org
added 2014/07/01 12:00 a.m. | 102 views

Linux Kernel < 2.6.36.2 - Econet Privilege Escalation Exploit

No description provided by source. / half-nelson.c Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848 Stack-based buffer overflow in the econet_sendmsg function ...

CVSS 6.9 | EPSS 0.00262
Exploits: 13

Exploit DB
added 2014/05/31 12:00 a.m. | 754 views

Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Privilege Escalation (3)

/ Ubuntu 12.04 3.x x86_64 perf_swevent_init Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu 12.04.1 - 3.2.0-29-generic 2 Ubuntu 12.04.2 - 3.5.0-23-generic $ gcc vnik.c -O2 -o vnik $ uname -r...

AI score 7
Exploits: 0

exploitpack
added 2014/05/31 12:00 a.m. | 55 views

Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - perf_swevent_init Local Privilege Escalation (3)

Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - perf_swevent_init Local Privilege Escalation (3) / Ubuntu 12.04 3.x x86_64 perf_swevent_init Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu...

AI score 0.9
Exploits: 0

0day.today
added 2014/05/14 12:00 a.m. | 84 views

Linux Kernel 3.15-rc4 PTY Race Condition Exploit

Linux Kernel versions above 3.14-rc1 and below 3.15-rc4 raw mode PTY local echo race condition privilege escalation proof of concept exploit. This bug also affects kernel 2.6.31-rc3 and newer. / CVE-2014-0196: Linux kernel = v3.14-rc1 Matthew Daley Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread...

CVSS 6.9 | AI score 0.2 | EPSS 0.49911
Exploits: 7

OSV
added 2014/05/11 9:55 p.m. | 2 views

CVE-2014-1737

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device...

AI score 5.5
Exploits: 0 | References: 18

Packet Storm
added 2014/05/05 12:00 a.m. | 67 views

Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' class Metasploit3 'Windows NTUserMessageCall Win32k Kernel Pool Overflow...

CVSS 7.2 | AI score 0.5 | EPSS 0.27221
Exploits: 8

The Hacker News
added 2014/01/26 8:30 p.m. | 11 views

Google announces $2.7 million Reward for hacking Chrome OS at Pwnium Contest

Pwnium is the annual Hacking competition where Google invites coders from around the world to find security holes in Google Chrome. Google has announced its 4th Pwnium Hacking Contest hosted at the Canadian Security conference in March, offering more than $2.7 million in potential rewards for...

AI score 7
Exploits: 0

seebug.org
added 2013/09/16 12:00 a.m. | 10 views

Win32k Memory Allocation Vulnerability(MS13-053)

No description provided by source. / more details: https://labs.mwrinfosecurity.com/blog/2013/09/06/mwr-labs-pwn2own-2013-write-up-kernel-exploit/ this poc is written by 0xBigBan / #include <windows.h> #define NtUserMessageCall 0x11ea //on win7 sp1 x86 void SystemCallDWORD ApiNumber, ... asm lea edx,...

AI score 7.1
Exploits: 0

0day.today
added 2013/09/12 12:00 a.m. | 51 views

MS13-053 Win32k Memory Allocation Vulnerability

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain...

CVSS 7.2 | AI score 0.7 | EPSS 0.27221
Exploits: 8

Exploit DB
added 2013/08/02 12:00 a.m. | 130 views

Linux Kernel 3.7.6 (RedHat x86/x64) - 'MSR' Driver Privilege Escalation

// PoC exploit for /dev/cpu/*/msr, 32bit userland on a 64bit host // can do whatever in the commented area, re-enable module support, etc // requires CONFIG_X86_MSR and just uid 0 // a small race exists between the time when the MSR is written to the first // time and when we issue our sysenter // w...

AI score 7.4
Exploits: 0

Packet Storm
added 2013/07/29 12:00 a.m. | 19 views

Novell Client 2 SP3 Privilege Escalation

Novell Client 2 SP3 Privilege escalation exploit Tested on Windows 7 and 8 x86 / nicm.sys 3.1.11.0 Thanks to Master Ryujin : The first public information I have seen about this bug was from Nikita Tarakanov @NTarakanov I am not sure whether there was anything else public Exploit for DEMO purposes...

AI score 1.1
Exploits: 0

OSV
added 2013/05/13 11:55 p.m. | 7 views

CVE-2013-1918

Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."...

AI score 6.2
Exploits: 0 | References: 8

OSV
added 2013/03/22 11:59 a.m. | 2 views

CVE-2013-1827

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call...

AI score 6.1
Exploits: 0 | References: 7

Exploit DB
added 2013/02/27 12:00 a.m. | 24 views

Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Local Privilege Escalation (1)

// archer.c // // 2012 [email protected] // // Works reliably against x86-64 3.3-3.7 arch. // // Tested against: // // Linux XXX 3.3.1-1-ARCH #1 SMP PREEMPT Tue Apr 3 06:46:17 UTC 2012 x86_64 GNU/Linux // Linux XXX 3.4.7-1-ARCH #1 SMP PREEMPT Sun Jul 29 22:02:56 CEST 2012 x86_64 GNU/Linux // Linux XXX...

AI score 7.4
Exploits: 0

The Hacker News
added 2012/12/17 9:44 a.m. | 17 views

Samsung Exynos kernel exploit offer Root without Flashing

A user over at the XDA Developers Forum has gone searching through Samsung Exynos kernels and has found one whopper of an exploit. There's both good and bad news with this exploit so head down below for more details on this new found glory. This exploit affects a number of Samsung-made devices,...

AI score 6.9
Exploits: 0

The Hacker News
added 2012/12/16 10:44 p.m. | 35 views

Samsung Exynos kernel exploit offer Root without Flashing

A user over at the XDA Developers Forum has gone searching through Samsung Exynos kernels and has found one whopper of an exploit. There’s both good and bad news with this exploit so head down below for more details on this new found glory. This exploit affects a number of Samsung-made devices,...

AI score 6.9
Exploits: 0

Prion
added 2012/06/21 11:55 p.m. | 19 views

Command injection

The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service BUG and...

CVSS 5.4 | AI score 6.4 | EPSS 0.00044
Exploits: 1 | References: 8 | Affected Software: 1