Netgear Routers - Password Disclosure Vulnerabilities

Exploit for hardware platform in category web applications Trustwave SpiderLabs Security Advisory TWSL2017-003: Multiple Vulnerabilities in NETGEAR Routers Published: 01/30/2017 Version: 1.0 Vendor: NETGEAR http://www.netgear.com/ Product: Multiple products Finding 1: Remote and Local Password...

DEBIAN-CVE-2016-10013

Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation...

Design/Logic Flaw

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables...

PT-2017-2021 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.9.7 Description: The issue is caused by an integer overflow in the vc4 get bcl function of the VideoCore DRM driver. This can be exploited by a local attacker using a specially crafted VC4 SUBMIT CL ioctl call...

CVE-2016-8426

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

KLA11171 OSI vulnerability in Adobe Flash Player

Out-of-bounds read vulnerability in Adobe Flash Player can be exploited locally to obtain sensitive information. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, install latest updates from Control Panel Original advisories APSB18-01 Exploitati...

KLA10947 Denial of service vulnerability in Kaspersky products

Vulnerability was found in window broadcast message handling functionality of Kaspersky products. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited locally via a specially designed unhandled window messages, which cause termination...

QNAP NAS Devices - Heap Overflow Exploit

Exploit for linux platform in category dos / poc ================== 1 Heap overflow ================== Path: /home/httpd/cgi-bin/cgi.cgi u = valid user guest|admin 1.1 / Remote / Remote host echo -en "GET /cgi-bin/cgi.cgi?u=admin&p=fori=0;i263;i++;do echo -en "A";done HTTP/1.0\nHost: QNAP\n\n" |...

QNAP NAS Devices - Heap Overflow

QNAP NAS Devices - Heap Overflow ================== 1 Heap overflow ================== Path: /home/httpd/cgi-bin/cgi.cgi u = valid user guest|admin 1.1 / Remote / Remote host echo -en "GET /cgi-bin/cgi.cgi?u=admin&p=fori=0;i263;i++;do echo -en "A";done HTTP/1.0\nHost: QNAP\n\n" | ncat --ssl...

PT-2017-7769 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.8.15 Description: The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This can be achieved by using an AF ALG socket with an incompatible...

Google Android NVIDIA Camera Driver Denial of Service Vulnerability

Android on Pixel C is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA for the Pixel C. The NVIDIA Camera Driver is one of the camera drivers used. A denial of service vulnerability exists in the NVIDIA Camera Driver in Android on Pixel C...

CVE-2016-6742

An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process...

CVE-2016-6732

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-6724

A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderat...

Privilege escalation

An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise,...

UBUNTU-CVE-2016-6739

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Androi...

UBUNTU-CVE-2016-6743

An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process...

CVE-2016-3338

The Common Log File System CLFS driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted...

Google Android AOSP Launcher Local Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which AOSP Launcher is a system desktop software. A local elevation of privilege vulnerability exists in AOSP Launcher in Android 7.0. An attacker can exploit this vulnerabilit...

ZyXEL DEL1201-T10A Authorization Bypass Vulnerability

ZyXEL DEL1201-T10A Modem Default Password is : admin In RealyIf Network Administrator Change The The Default Password To Any , We Can't Access To Modem Settings . Because We Don't Know New Password . But Authorization Bypass Access We To Change Modem Settings ! Document Title: =============== ZyX...