Apple MAC OS X < 10.9/10 - Local Root Exploit
Exploit for macOS platform in category local exploits /* osx-irony-assist.m Copyright (c) 2010 by Apple MACOS X */ #include #import #import /* where you want to write it! */ #define BACKDOOR_BIN "/var/db/.AccessibilityAPIEnabled" int do_assistive_copy(const char *spath, const char *dpath) NSAutoreleasePool *pool =...
CVE-2015-2831
The CVE-2015-2831 issue affects das-watchdog 0.9.0, where a buffer overflow can be triggered by a large string in the XAUTHORITY environment variable, allowing a local user to escalate to root privileges. Public sources in the connected documents confirm the root-context impact and local-access v...
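The bug class behind this entry, as an added example that is not das-watchdog's own code: a setuid-root helper copies the attacker-controlled XAUTHORITY environment variable into a fixed-size stack buffer. The unsafe form overflows on a long value; the hardened form measures first and refuses anything that would not fit. Buffer size, function names and the constructed oversized value are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XAUTH_MAX 256   /* hypothetical fixed-size buffer, as a setuid helper might use */

/* Vulnerable pattern (shown for contrast only; never call it with untrusted input):
 * strcpy() copies until the NUL regardless of the destination size, so an
 * XAUTHORITY value longer than XAUTH_MAX-1 bytes overruns the caller's stack
 * frame, and in a setuid-root binary that frame belongs to a root process. */
void copy_xauthority_unsafe(const char *val, char dst[XAUTH_MAX]) {
    strcpy(dst, val);
}

/* Hardened form: bound the length check by the destination capacity, reject a
 * missing or oversized value, and leave dst as an empty string on rejection.
 * Returns 0 on success, -1 on rejection. */
int copy_xauthority_safe(const char *val, char *dst, size_t cap) {
    if (cap == 0) return -1;
    dst[0] = '\0';
    if (val == NULL) return -1;
    size_t n = strnlen(val, cap);   /* never scans past cap bytes */
    if (n >= cap) return -1;        /* no room for the terminating NUL */
    memcpy(dst, val, n + 1);
    return 0;
}

/* Constructs an attacker-style value of n 'A' bytes (constructed test input; caller frees). */
char *make_oversized_value(size_t n) {
    char *p = malloc(n + 1);
    if (p == NULL) return NULL;
    memset(p, 'A', n);
    p[n] = '\0';
    return p;
}

int main(void) {
    char buf[XAUTH_MAX];
    /* For a setuid target, the environment is fully under the local user's control. */
    const char *env = getenv("XAUTHORITY");
    if (copy_xauthority_safe(env, buf, sizeof buf) != 0) {
        fputs("XAUTHORITY unset or too long, refusing\n", stderr);
        return 1;
    }
    printf("using %s\n", buf);
    return 0;
}
```

The check is deliberately placed before any copy rather than after: with a setuid binary the overflow itself is the privilege boundary crossing, so there is no safe point to detect it afterwards.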
PT-2015-3328 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 3.10.77 Description: The issue is related to the function load_elf_binary in the Linux kernel, which incorrectly allocates address space for PIE binaries when CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE is enabled and ...
Mini-Stream RM-MP3 Converter 2.7.3.700 Buffer Overflow
#!/usr/bin/env python + Author: TUNISIAN CYBER + Exploit Title: Mini-Stream RM-MP3 Converter v2.7.3.700 Local Buffer Overflow + Date: 25-03-2015 + Type: Local Exploits + Tested on: WinXp/Windows 7 Pro + Vendor:...
Schneider Electric Wonderware System Platform Vulnerabilities
OVERVIEW Ivan Sanchez of WiseSecurity Team has identified a fixed search path vulnerability in Schneider Electric’s Wonderware InTouch, Application Server, Historian, and SuiteLink applications, which are part of the Wonderware System Platform suite. Schneider Electric has produced a patch that...
KLA10480 Security bypass in Linux Kernel
A race condition was found in the Linux kernel. By exploiting this vulnerability, a local user can bypass security restrictions. The flaw is exploited locally by manipulating the handle_bytes value. Original advisories - Related products Linux-Kernel CVE list CVE-2015-1420 warning Solution...
Crystal Player 1.99 - Memory Corruption
Crystal Player 1.99 - Memory Corruption Document Title: =============== Crystal Player 1.99 - Memory Corruption Vulnerability Date: ============= 21/01/2015 Vendor Homepage: ================ http://www.crystalreality.com/ Abstract Advisory Information: ============================== Memory...
CVE-2014-1425
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors...
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability
Document Title: =============== ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1387 Release Date: ============= 2014-12-24 Vulnerability Laboratory ID VL-ID: ===================================...
kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility
A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a SS stack segment fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system...
Important: Red Hat Security Advisory: libXfont security update
Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
ObjectInputStream deserializable
Before Android 5.0, java.io.ObjectInputStream did not check whether the Object being deserialized is actually serializable. That issue was fixed in Android 5.0. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-privat...
OpenBSD 5.5 Local Kernel Panic Exploit
OpenBSD versions 5.5 and below local kernel panic proof of concept exploit for i386...
Linux PolicyKit Race Condition Privilege Escalation Exploit
A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to...
Linux PolicyKit Race Condition Privilege Escalation
A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to...
Immunity Canvas: OSX_PARSEKEYMAPPING
Name| osx_parsekeymapping ---|--- CVE| CVE-2014-4404 Exploit Pack| CANVAS Description| IOHIKeyboardMapper::parseKeyMapping local privilege escalation Notes| CVE Name: CVE-2014-4404 VENDOR: Apple Notes: Tested on: - 10.9 - 10.9.1 - 10.9.2 - 10.9.3 - 10.9.4 - 10.9.5 Repeatability: Multiple Times...
Advantech WebAccess Vulnerabilities
Advisory ID Internal CORE-2014-0005 1. Advisory Information Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL:http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted:...
AIMP2 Audio Converter <= 2.53b330 (.pls/.m3u) Unicode Crash PoC
No description provided by source. #!/usr/bin/python AIMP2 Audio Converter <= 2.53 build 330 .pls/.m3u Unicode local crash PoC Found & exploited by: mrme Download: ftp://www.catode.ru/AIMP/aimp2.51.330.zip Tested on: Wind0ws XP SP3 Unicode overflow, maybe someone with better skills can exploit this...
Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (2)
No description provided by source. #!/usr/bin/perl Destiny Media Player 1.61 Local BoF Code Exploit Coded by : sCORPINo Snoop Security Researching Committee originally discovered by: Encrypt3d.M!nd windows/exec - 142 bytes http://www.metasploit.com Encoder: x86/fnstenv_mov EXITFUNC=thread, CMD=calc...
FireFly 1.0 - Local Proxy Password Disclosure Exploit
No description provided by source. /* FireFly v1.0 Local Exploit by Kozan Application: FireFly v1.0 Vendor: NetCruiser Software - www.netcruiser-software.com Vulnerable Description: FireFly v1.0 discloses proxy passwords to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web :...