11 matches found
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...
macOS cfprefsd Arbitrary File Write / Local Privilege Escalation Exploit
This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an...
macOS cfprefsd Arbitrary File Write Local Privilege Escalation
This module exploits an arbitrary file write in cfprefsd on macOS use exploit/osx/local/cfprefsdracecondition msf exploitcfprefsdracecondition show targets ...targets... msf exploitcfprefsdracecondition set TARGET msf exploitcfprefsdracecondition show options ...show and set options... msf...
Linux: Read password configuration files (KB)
When a PAM aware privilege granting application is started, it activates its attachment to the PAM-API. This activation performs a number of tasks, the most important being the reading of the configuration files: /etc/pam.conf. Alternatively, this may be the contents of the /etc/pam.d/ directory...
Calibre E-Book Reader Local Root
No description provided by source. / .80 Calibrer Assault Mount by zx2c4 Yesterday's assault mount used inotify to mount into /etc/pam.d. Today we expand the attack by adding a race toggler so we can mount from non-block devices. Enjoy. - zx2c4 2011-11-4 greets to djrbliss / include stdio.h includ...
Linux pam_lib_smb < 1.1.6 /bin/login Remote Exploit
No description provided by source. / Linux pamlibsmb 1.1.6 /bin/login exploit by vertex Tested on Redhat 8.0, 9.0 Advisory at http://us2.samba.org/samba/ftp/pamsmb/ code based on : UClogin.c SunOS 5.6,5.7,5.8 remote /bin/login root exploit mikecc/unixclan...
MDVA-2010:112 : kdebase4-workspace
In Mandriva 2010.0 /etc/pam.d/kde was not tagged as a config file so was replaced by a new file on each update. This update fixes this issue. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable...
Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace)
Check for the Version of kdebase4-workspace OpenVAS Vulnerability Test Mandriva Update for kdebase4-workspace MDVA-2010:112 kdebase4-workspace Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Mandriva Update for drakx-installer-stage2 MDVA-2010:020 (drakx-installer-stage2)
Check for the Version of drakx-installer-stage2 OpenVAS Vulnerability Test Mandriva Update for drakx-installer-stage2 MDVA-2010:020 drakx-installer-stage2 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...
CVE-2008-1946
The CVE-2008-1946 entry concerns GNU coreutils 5.2.1 where the default PAM config for su in /etc/pam.d/su mishandles pam_succeed_if.so, enabling any local user to switch to a locked or expired account by supplying an account name on the command line. Concrete details show the affected component (...
CVE-2008-0884
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable...