4305 matches found
netOctopus Agent nantsys.sys MSR Write Local Privilege Escalation
netOctopus Agent, an asset management agent, is installed on the remote host. The installed version of netOctopus Agent includes a driver, named 'nantsys.sys', that exposes a device interface writable by all local users, allowing them to read and write arbitrary CPU Model Specific Registers (MSRs)....
Novell Client nicm.sys Local Privilege Escalation
The file 'NICM.SYS' included with the Novell Client software and installed on the remote host reportedly allows local users to open the device '.\nicm' and execute arbitrary code in kernel mode using specially-constructed input.
From the Kabbah vulnerability glimpse of kernel-mode Shellcode writing-vulnerability warning-the black bar safety net
Source: gyzy's Blog. This article was published in the November 2007 issue of Hacker Line of Defense. The author and Hacker Line of Defense retain copyright; if reproduced, please indicate the original source. For the reader: overflow lovers. Pre-knowledge: Assembly...
WinPcap driver array overflow
Array index overflow in kernel mode on IOCTL handling...
[48bits] Advisory : Multiple vulnerabilities in Norman NVC 5.82 driver
Abstract: There are multiple bugs in nvcoaft51 driver from Norman products. These bugs could be locally exploited by a malicious user in order to gain unlimited access to the system. Nvcoaft51 driver creates a device named NvcOa without a restrictive security descriptor, so any user can open it a...
AVG Anti-virus avg7core.sys 0x5348E004 IOCTL Local Privilege Escalation
AVG Anti-Virus is installed on the remote Windows host. The version of AVG Anti-Virus on the remote host includes a kernel mode service driver, avg7core.sys, that allows a local user to write arbitrary data to arbitrary addresses.
iDefense Security Advisory 07.11.07: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability
Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND Symantec has a wide range of Anti-Virus and Internet Security products that are designed to protect users fr...
WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit
No description provided by source. / WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap 4.0.1 ...
Advisory: Arbitrary kernel mode memory writes in AVG
======= Summary ======= Name: Arbitrary kernel mode memory writes in AVG Antivirus Release Date: 10 July 2007 Reference: NGS00500 Discover: Jonathan Lindsay john-lindsay ngssoftware com Vendor: Grisoft Vendor Reference: N/A Systems Affected: Windows NT based systems Risk: High Status: Fixed...
WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit
Exploit for unknown platform in category local exploits ================================================================= WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit ================================================================= / WinPcap NPF.SYS Privilege Elevation...
WinPcap 4.0 - NPF.SYS Local Privilege Escalation
WinPcap 4.0 - NPF.SYS Local Privilege Escalation / WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap...
WinPcap NPF.SYS Privilege Elevation Vulnerability
WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 3.1 - WinPcap 4.1 Operating systems affected Confirmed - Windows 2000 SP4 Both server and workstation -...
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation
/ WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap 4.0.1 Note : There was an error in the previous...
[Full-disclosure] SafeNET High Assurance Remote/SoftRemote (IPSecDrv.sys) remote DoS
Attached is POC for a remote DoS in IPSecDrv.sys shipped with SafeNET High Assurance Remote and SoftRemote. The version tested is 10.4.0.12. The bug itself is due to SafeNET making a complete hash of IPv6 support for IPSec. The result of the code is a complete DoS of the machine in Kernel mode...
CVE-2007-1724
Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures...
Madwifi 0.9.2.1 - SIOCGIWSCAN Buffer Overflow (Metasploit)
Madwifi 0.9.2.1 - SIOCGIWSCAN Buffer Overflow Metasploit Madwifi remote kernel exploit 100% reliable, doesn't crash wifi stack, can exploit same target multiple times Julien TINNES Laurent BUTTI vuln in giwscancb, here's the path: ieee80211ioctlgiwscan - ieee80211scaniterate - staiterate -...
Broadcom Wireless Driver Probe Response SSID Overflow Exploit (meta)
No description provided by source. require 'msf/core' module Msf class Exploits::Windows::Driver::BroadcomWiFiSSID Msf::Exploit::Remote include Exploit::Lorcon include Exploit::KernelMode def initializeinfo = superupdateinfoinfo, 'Name' = 'Broadcom Wireless Driver Probe Response SSID Overflow',...
D-Link DWL-G132 Wireless Driver Beacon Rates Overflow Exploit (meta)
No description provided by source. require 'msf/core' module Msf class Exploits::Windows::Driver::DLinkDWLG132WiFiRates Msf::Exploit::Remote include Exploit::Lorcon include Exploit::KernelMode def initializeinfo = superupdateinfoinfo, 'Name' = 'D-Link DWL-G132 Wireless Driver Beacon Rates...
broadcom_wifi_ssid.rb.txt
require 'msf/core' module Msf class Exploits::Windows::Driver::BroadcomWiFiSSID 'Broadcom Wireless Driver Probe Response SSID Overflow', 'Description' = %q This module exploits a stack overflow in the Broadcom Wireless driver that allows remote code execution in kernel mode by sending a 802.11...
dlink_wifi_rates.rb.txt
require 'msf/core' module Msf class Exploits::Windows::Driver::DLinkDWLG132WiFiRates 'D-Link DWL-G132 Wireless Driver Beacon Rates Overflow', 'Description' = %q This module exploits a stack overflow in the A5AGU.SYS driver provided with the D-Link DWL-G132 USB wireless adapter. This stack overflo...