429 matches found
Dropbox 3.3.x - OSX FinderLoadBundle Local Root Exploit
The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary...
openSUSE: Security Advisory for libuser (openSUSE-SU-2015:1332-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : libuser (openSUSE-2015-529)
libuser was updated to fix on security issue. The following vulnerability was fixed : - CVE-2015-3246: local root exploit through passwd file handling boo937533 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
Security update for libuser (important)
libuser was updated to fix on security issue. The following vulnerability was fixed: CVE-2015-3246: local root exploit through passwd file handling boo937533...
Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser
Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and our exploit attached. Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary...
Qualys Security Advisory - userhelper / libuser
Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary ----------------------------------------------------------------- The libuser library implements a standardized interface for manipulating and administering user and grou...
Ubuntu 12.04 / 14.04 / 14.10 / 15.04 overlayfs Local Root Exploit
The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIGUSERNS=y and where overlayfs has the FSUSERNSMOUNT flag, which allows the mounting of overlayfs insi...
Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2
No description provided by source. /Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather...
GNU libc 2.12.1 LD_AUDIT libpcprofile.so Local Root
!/bin/sh Exploit Title: GNU libc /tmp/libxpl.c /dev/null cat /tmp/libxpl.so /lib/libxpl.so rm -rf /tmp/libxpl.c /tmp/libxpl.so LDAUDIT="libxpl.so" ping...
Xcode OpenBase <= 10.0.0 (unsafe system call) Local Root Exploit (OSX)
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom = ftp://www.openbase.com/pub/OpenBase10.0 vulnerable ? This is some fairly blatant and retarded use of system cd cp chmod chown rm mkdir and killall appear as strings in t...
Linux Kernel 2.4.22 "do_brk()" local Root Exploit (PoC)
No description provided by source. ; Christophe Devine devine at cr0.net and Julien Tinnes julien at cr0.org ; ; This exploit uses sysbrk directly to expand his break and doesn't rely ; on the ELF loader to do it. ; ; To bypass a check in sysbrk against available memory, we use a high ; virtual...
IBM AIX <= 5.3 sp6 capture Terminal Sequence Local Root Exploit
No description provided by source. / 07/2007: public release IBM AIX = 5.3 sp6 AIX capture Local Root Exploit By qaaz / include stdio.h include stdlib.h include string.h include fcntl.h include unistd.h include sys/wait.h include sys/select.h define TARGET /usr/bin/capture define VALCNT 40 define...
hztty 2.0 - Local root exploit (Tested on Red Hat 9.0)
No description provided by source. / 0x333hztty = hztty 2.0 local root exploit more info : Debian Security Advisory DSA 385-1 note I adjusted some part of hztty's code since there were some errors. hope this will not influence exploitation : tested against Red Hat 9.0 : c0wboy@0x333 c0wboy$ gcc...
Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Local Root Exploit
No description provided by source. !/bin/sh $Id: raptorlibnspr2,v 1.4 2006/10/16 11:50:48 raptor Exp $ raptorlibnspr2 - Solaris 10 libnspr LDPRELOAD exploit Copyright c 2006 Marco Ivaldi [email protected] Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as include...
Adobe Version Cue 1.0/1.0.1 - (-lib) Local Root Exploit (OSX)
No description provided by source. / Adobe Version Cue VCNativeOSX: local root exploit. dyld by: vade79/v9 [email protected] fakehalo/realhalo Adobe Version Cue's VCNative program allows un-privileged local users to load arbitrary librariesbundles while running setuid root. this is done via the -lib...
Ubuntu 12.04.0-2LTS x64 perf_swevent_init - Kernel Local Root Exploit
No description provided by source. / Ubuntu 12.04 3.x x8664 perfsweventinit Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu 12.04.1 - 3.2.0-29-generic 2 Ubuntu 12.04.2 - 3.5.0-23-generic $ gcc vnik.c...
Tunnelblick - Local Root Exploit (2)
No description provided by source. !/bin/sh Pwnnel Blicker for kids zx2c4 This is another exploit for Tunnel Blick. Other exploits for Tunnel Blick are available here: http://git.zx2c4.com/Pwnnel-Blicker/tree/ echo + Making vulnerable directory. mkdir -pv /tmp/pwn/openvpn/openvpn-0 echo + Prepari...
Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit
No description provided by source. !/usr/bin/env python rocksumountdirty.py: Rocks release =4.1 local root exploit quick and nasty version of the exploit. make sure the . is writable and you clean up afterwards. ; coded by: [email protected] http://xavsec.blogspot.com x=import'os';c=x.getcwd...
Rocks Clusters <= 4.1 (mount-loop) Local Root Exploit
No description provided by source. !/bin/sh rocksmountdirty.sh: Rocks release =4.1 local root exploit make sure 'mount-loop' is in your path for this to work. coded by: [email protected] http://xavsec.blogspot.com echo Rocks Clusters =4.1 mount-loop local root exploit by [email protected]...
Exim <= 4.42 Local Root Exploit
No description provided by source. !/bin/sh Local Lame R00T sploit for exim = 4.42 by Dark Eagle My First Coding Release In bash Unl0ck Research Team More Effective than C-code. @env.c content: include stdio.h include string.h int mainint argc, char argv char addrptr; addrptr = getenvargv1;...