13 matches found
CVE-2026-25740
captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability binding to privileged ports, spoofing localho...
Nixpkgs Security Vulnerability
Nixpkgs is an open-source collection of over 100,000 software packages from NixOS. It can be installed using the Nix package manager. Nixpkgs versions 25.05 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability for any system user to execute commands with t...
CVE-2018-4206
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary...
Memory corruption
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary...
Quest Privilege Manager pmmasterd Buffer Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Quest Privilege Manager pmmasterd Buffer Overflow', 'Description' = %q This modules exploits a buffer overflow in the Quest Privilege Manager, a...
Quest Privilege Manager 6.0.0 - Arbitrary File Write
Quest Privilege Manager 6.0.0 - Arbitrary File Write !/usr/bin/env python2 """ Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write Date: 10/Mar/2017 Exploit Author: m0t Vendor Homepage: https://www.quest.com/products/privilege-manager-for-unix/ Version: 6.0.0-27, 6.0.0-50 Tested...
Quest Privilege Manager pmmasterd Buffer Overflow
This module exploits a buffer overflow in the Quest Privilege Manager, software used to integrate Active Directory with Linux and Unix systems. The vulnerability exists in the pmmasterd daemon, and can only be triggered when the host has been configured as a policy server Privilege Manager for Un...
Apple macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=959 Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40957.zip When sending and receiving mach messages from userspace there are two important kernel objects; ipc_entry and...
rsh Authentication Scanner
This module will test a shell rsh service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports below 1024. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Multiple Vulnerabilities and Enhancements in ftpd on IRIX
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title : Multiple Vulnerabilities and Enhancements in ftpd Number : 20030304-01-P Date : March 24, 2003 Reference: CERT CA-1997-27 Reference: CERT VU2558 Reference: CERT VU258721 Reference: CVE CVE-1999-0017 Reference: CVE CVE-1999-0097...
CVE-1999-0451
CVE-1999-0451 affects Linux 2.0.36 and describes a local Denial of Service where local users can prevent any server from listening on a non-privileged port. The connected Red Hat and CVE payloads reiterate the same description. The sources do not provide concrete exploit details, affected package...
Eric Allman Sendmail 8.8.x - Socket Hijack
Eric Allman Sendmail 8.8.x - Socket Hijack // source: https://www.securityfocus.com/bid/774/info Through exploiting a combination of seemingly low-risk vulnerabilities in sendmail, it is possible for a malicious local user to have an arbitrary program inherit or "hijack" the file descriptor for t...