4304 matches found
Novell Client nicm.sys Local Privilege Escalation
The file 'NICM.SYS' included with the Novell Client software and installed on the remote host reportedly allows local users to open the device '.\nicm' and execute arbitrary code in kernel mode using specially-constructed input. C Tenable Network Security, Inc. include"compat.inc"; if description...
From the Kabbah vulnerability glimpse of kernel-mode Shellcode writing-vulnerability warning-the black bar safety net
Source: gyzy's Blog This article has been published in the hacker line of Defense of the 2 0 0 7 year 1 1 monthly. The author and the hacker line of Defense on the retention of copyright, reproduced, please indicate the original source For the reader: overflow of lovers Pre-knowledge: Assembly...
WinPcap driver array overflow
Array index overflow in kernel mode on IOCTL handling...
[48bits] Advisory : Multiple vulnerabilities in Norman NVC 5.82 driver
Abstract: There are multiple bugs in nvcoaft51 driver from Norman products. These bugs could be locally exploited by a malicious user in order to gain unlimited access to the system. Nvcoaft51 driver creates a device named NvcOa without a restrictive security descriptor, so any user can open it a...
iDefense Security Advisory 07.11.07: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability
Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND Symantec has a wide range of Anti-Virus and Internet Security products that are designed to protect users fr...
AVG Anti-virus avg7core.sys 0x5348E004 IOCTL Local Privilege Escalation
AVG Anti-Virus is installed on the remote Windows host. The version of AVG Anti-Virus on the remote host includes a kernel mode service driver, avg7core.sys, that allows a local user to write arbitrary data to arbitrary addresses. C Tenable Network Security, Inc. include"compat.inc"; if descripti...
WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit
No description provided by source. / WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap 4.0.1 ...
Advisory: Arbitrary kernel mode memory writes in AVG
======= Summary ======= Name: Arbitrary kernel mode memory writes in AVG Antivirus Release Date: 10 July 2007 Reference: NGS00500 Discover: Jonathan Lindsay john-lindsay ngssoftware com Vendor: Grisoft Vendor Reference: N/A Systems Affected: Windows NT based systems Risk: High Status: Fixed...
WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit
Exploit for unknown platform in category local exploits ================================================================= WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit ================================================================= / WinPcap NPF.SYS Privilege Elevation...
WinPcap NPF.SYS Privilege Elevation Vulnerability
WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 3.1 - WinPcap 4.1 Operating systems affected Confirmed - Windows 2000 SP4 Both server and workstation -...
WinPcap 4.0 - NPF.SYS Local Privilege Escalation
WinPcap 4.0 - NPF.SYS Local Privilege Escalation / WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap...
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation
/ WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap 4.0.1 Note : There was an error in the previous...
[Full-disclosure] SafeNET High Assurance Remote/SoftRemote (IPSecDrv.sys) remote DoS
Attached is POC for a remote DoS in IPSecDrv.sys shipped with SafeNET High Assurance Remote and SoftRemote. The version tested is 10.4.0.12. The bug itself is due to SafeNET making a complete hash of IPv6 support for IPSec. The result of the code is a complete DoS of the machine in Kernel mode...
CVE-2007-1724
Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures...
Madwifi 0.9.2.1 - SIOCGIWSCAN Buffer Overflow (Metasploit)
Madwifi 0.9.2.1 - SIOCGIWSCAN Buffer Overflow Metasploit Madwifi remote kernel exploit 100% reliable, does'nt crash wifi stack, can exploit same target multiple times Julien TINNES Laurent BUTTI vuln in giwscancb, here's the path: ieee80211ioctlgiwscan - ieee80211scaniterate - staiterate -...
D-Link DWL-G132 Wireless Driver Beacon Rates Overflow Exploit (meta)
No description provided by source. require 'msf/core' module Msf class Exploits::Windows::Driver::DLinkDWLG132WiFiRates Msf::Exploit::Remote include Exploit::Lorcon include Exploit::KernelMode def initializeinfo = superupdateinfoinfo, 'Name' = 'D-Link DWL-G132 Wireless Driver Beacon Rates...
Broadcom Wireless Driver Probe Response SSID Overflow Exploit (meta)
No description provided by source. require 'msf/core' module Msf class Exploits::Windows::Driver::BroadcomWiFiSSID Msf::Exploit::Remote include Exploit::Lorcon include Exploit::KernelMode def initializeinfo = superupdateinfoinfo, 'Name' = 'Broadcom Wireless Driver Probe Response SSID Overflow',...
dlink_wifi_rates.rb.txt
require 'msf/core' module Msf class Exploits::Windows::Driver::DLinkDWLG132WiFiRates 'D-Link DWL-G132 Wireless Driver Beacon Rates Overflow', 'Description' = %q This module exploits a stack overflow in the A5AGU.SYS driver provided with the D-Link DWL-G132 USB wireless adapter. This stack overflo...
broadcom_wifi_ssid.rb.txt
require 'msf/core' module Msf class Exploits::Windows::Driver::BroadcomWiFiSSID 'Broadcom Wireless Driver Probe Response SSID Overflow', 'Description' = %q This module exploits a stack overflow in the Broadcom Wireless driver that allows remote code execution in kernel mode by sending a 802.11...
Broadcom Wireless Driver Probe Response SSID Overflow Expl (meta)
Exploit for unknown platform in category remote exploits ==================================================================== Broadcom Wireless Driver Probe Response SSID Overflow Exploit meta ==================================================================== require 'msf/core' module Msf class...