4072 matches found
UBUNTU-CVE-2013-3227
The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
MS-some common local mention of the right to exploit-vulnerability warning-the black bar safety net
Ms08-0 2 3 local vulnerability to mention the right to Add a user 4 5 6 View this user With this user login Provide the right to fail Using vulnerability to mention the right to Provide the right to succeed MS10-0 4 8 Use the...
KLA10103 LPE vulnerability in Cisco AnyConnect
A buffer overflow was found in Cisco AnyConnect. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally. Original advisories Cisco bulletin Related products Cisco-AnyConnect-VPN-Client CVE list CVE-2013-1173 high Solution Update to latest...
CVE-2013-1776
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...
CVE-2013-2776
CVE-2013-2776 affects sudo versions 1.3.5–1.7.10p5 and 1.8.0–1.8.6p6, where, on systems without /proc or with tty_tickets enabled, sudo fails to properly validate the controlling terminal. This allows a local user with sudo permissions to hijack another user’s authorization by interacting with th...
HexChat 2.9.4 Local Exploit Submission
Exploit for windows platform in category local exploits !/usr/bin/python HexChat 2.9.4 Local Exploit Bug found by Jules Carter Exploit by Matt "hostess" Andreko http://www.mattandreko.com/2013/04/buffer-overflow-in-hexchat-294.html junk1 = "B"30 shellcode = msfvenom -p windows/messagebox...
HexChat 2.9.4 Buffer Overflow
!/usr/bin/python HexChat 2.9.4 Local Exploit Bug found by Jules Carter Exploit by Matt "hostess" Andreko http://www.mattandreko.com/2013/04/buffer-overflow-in-hexchat-294.html junk1 = "B"30 shellcode = msfvenom -p windows/messagebox EXITFUNC=process BufferRegister=ESP -e x86/alphamixed -f c...
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1776-1)
A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. CVE-2013-0268 A flaw was discovered in the Linux kernel's handling of memory ranges with...
CVE-2013-1773
CVE-2013-1773 involves a buffer overflow in the Linux kernel VFAT UTF-8 to UTF-16 conversion during a VFAT write when utf8 mount option is used. Affects Linux kernel before 3.3; local privilege escalation or system crash possible. The connected advisory set includes references to kernel patches (...
CVE-2013-1248
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and...
CVE-2012-6095
CVE-2012-6095 affects ProFTPD prior to 1.3.5rc1. When using the UserOwner directive, a race condition with a symlink attack on the MKD or XMKD commands lets a local user modify ownership of arbitrary files. The vulnerability arises from insecure handling of temporary files during directory creati...
Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow
NVidia Display Driver Service Nsvr Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE @peterwintrsmith Initial release 25/12/12 Update 25/12/12 - Target for 30 Aug 2012 nvvsvc.exe Build - thanks @seanderegge! Hey all! Here is a...
Grep Integer Overflow
Grep /dev/null Segmentation fault core dumped Method two: $ perl -e 'print "\nx"x231' | grep -c x /dev/null Twitter: https://twitter.com/MegaManSec CVE: CVE-2012-5667 -- Joshua Rogers - Retro Game Collector && IT Security Specialist gpg pubkey...
Grep 2.11 - Integer Overflow Crash (PoC)
Grep 2.11 - Integer Overflow Crash PoC Grep /dev/null Segmentation fault core dumped Method two: $ perl -e 'print "\nx"x231' | grep -c x /dev/null Twitter: https://twitter.com/MegaManSec CVE: CVE-2012-5667 -- Joshua Rogers - Retro Game Collector && IT Security Specialist gpg pubkey...
Grep < 2.11 - Integer Overflow Crash (PoC)
Grep /dev/null Segmentation fault core dumped Method two: $ perl -e 'print "\nx"x231' | grep -c x /dev/null Twitter: https://twitter.com/MegaManSec CVE: CVE-2012-5667 -- Joshua Rogers - Retro Game Collector && IT Security Specialist gpg pubkey...
Zoner Photo Studio v15 Build 3 (Zps.exe) Registry Value Parsing Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: Zoner Photo Studio v15 Build 3 Zps.exe Registry Value Parsing Local Buffer Overflow Version: 15 Build 3, Build 2 Date: 2012-11-09 Author: Julien Ahrens Homepage: http://www.inshell.net Software Link:...
Zoner Photo Studio 15 Build 3 Registry Value Parsing
!/usr/bin/python Exploit Title: Zoner Photo Studio v15 Build 3 Zps.exe Registry Value Parsing Local Buffer Overflow Version: 15 Build 3, Build 2 Date: 2012-11-09 Author: Julien Ahrens Homepage: http://www.inshell.net Software Link: http://www.zoner.com Tested on: Windows XP SP3 Professional Germa...
FreeBSD : xlockmore -- local exploit (57652765-18aa-11e2-8382-00a0d181e71d)
Ignatios Souvatzis of NetBSD reports: Due to an error in the dclock screensaver in xlockmore, users who explicitly use this screensaver or a random mix of screensavers using something like 'xlockmore -mode random' may have their screen unlocked unexpectedly at a random time.
PHP 5.3.4 Win Com Module - Com_sink
Exploit Title: PHP 5.3.4 Win Com Module Com_sink Local Exploit Google Dork: Nil Date: 9/10/2012 Author: FB1H2S Software Link: PHP Windows Version: 5.3.4 Tested on: Microsoft XP Pro 2002 SP2...
Microsoft Windows - Escalate UAC Execute RunAs (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Windows...