IBM AIX <= 5.3 sp6 capture Terminal Sequence Local Root Exploit
No description provided by source. / 07/2007: public release IBM AIX = 5.3 sp6 AIX capture Local Root Exploit By qaaz / include stdio.h include stdlib.h include string.h include fcntl.h include unistd.h include sys/wait.h include sys/select.h define TARGET /usr/bin/capture define VALCNT 40 define...
Linux Kernel <= 2.6.11 (CPL 0) Local Root Exploit (k-rad3.c)
No description provided by source. / k-rad3.c - linux 2.6.11 and below CPL 0 kernel local exploit v3 Discovered and original exploit coded Jan 2005 by sd [email protected] Modified 2005/9 by alert7 [email protected] XFOCUS Security Team http://www.xfocus.org gcc -o k-rad3 k-rad3.c -static -O2 test...
eXtremail <= 2.1.1 (LOGIN) Remote Stack Overflow Exploit
No description provided by source. / extremail-v4.c Copyright c 2006 by [email protected] eXtremail =2.1.1 remote root exploit x86-lnx by mu-b - Sun Oct 08 2006 - Tested on: eXtremail 2.1.1 lnx Overflow in LOGIN command of admin interface. - Private Source Code -DO NOT DISTRIBUTE -...
eXtremail 1.x/2.1 - Remote Format String Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously constructe...
QNX 6.4.x/6.5.x ifwatchd - Local root Exploit
No description provided by source. !/bin/sh QNX 6.4.x/6.5.x ifwatchd local root exploit by cenobyte 2013 [email protected] - vulnerability description: Setuid root ifwatchd watches for addresses added to or deleted from network interfaces and calls up/down scripts for them. Any user can...
Linux kernel 2.0.37 Segment Limit Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/523/info This vulnerability has to do with the division of the address space between a user process and the kernel. Because of a bug, if you select a non-standard memory configuration, sometimes user level processes may b...
ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
No description provided by source. ProFTPd remote root exploit solareclipse at phreedom dot org GPG key ID: E36B11B7 http://www.exploit-db.com/sploits/12262006-proftpd-not-pro-enough.tar.gz milw0rm.com 2003-10-15...
IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit
No description provided by source. !/bin/sh 07/2007: public release IBM AIX = 5.3 sp6 echo ------------------------------- echo AIX pioout Local Root Exploit echo By qaaz echo ------------------------------- cat piolib.c EOF include stdlib.h include unistd.h void init attribute constructor; void...
LBL traceroute 1.4 a5 Heap Corruption Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets...
Tolis Group BRU 17.0 - Local Root Exploit (1)
No description provided by source. source: http://www.securityfocus.com/bid/8215/info It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation. It may be possible for local attackers to conduct format string-based...
SCO Unixware 7.1 i2odialogd Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/876/info UnixWare is a variant of the Unix operating system originally written by SCO, and distributed and maintained by Caldera. i20dialogd is a daemon which provides a front-end for controlling the i20 subsystem. It is...
Linux Kernel 2.6.34+ - CAP_SYS_ADMIN x86 & x64 Local Privilege Escalation Exploit (2)
No description provided by source. / Linux Kernel CAPSYSADMIN to Root Exploit 2 32 and 64-bit by Joe Sylve @jtsylve on twitter Released: Jan 7, 2011 Based on the bug found by Dan Rosenberg @djrbliss only loosly based on his exploit http://www.exploit-db.com/exploits/15916/ Usage: gcc -w...
hztty 2.0 - Local root exploit (Tested on Red Hat 9.0)
No description provided by source. / 0x333hztty = hztty 2.0 local root exploit more info : Debian Security Advisory DSA 385-1 note I adjusted some part of hztty's code since there were some errors. hope this will not influence exploitation : tested against Red Hat 9.0 : c0wboy@0x333 c0wboy$ gcc...
Tunnelblick - Local Root Exploit (2)
No description provided by source. !/bin/sh Pwnnel Blicker for kids zx2c4 This is another exploit for Tunnel Blick. Other exploits for Tunnel Blick are available here: http://git.zx2c4.com/Pwnnel-Blicker/tree/ echo + Making vulnerable directory. mkdir -pv /tmp/pwn/openvpn/openvpn-0 echo + Prepari...
Android 1.x/2.x HTC Wildfire - Local Root Exploit
No description provided by source. / android 1.x/2.x the real youdev feat. init local root exploit. Modifications to original exploit for HTC Wildfire Stage 1 soft-root c 2010 Martin Paul Eve Changes: -- Will not remount /system rw NAND protection renders this pointless -- Doesn't copy self, mere...
Linux 2.6.37-3.x.x PERF_EVENTS - Local Root Exploit
No description provided by source. / linux 2.6.37-3.x.x x8664, 100 LOC gcc-4.6 -O2 semtex.c && ./a.out 2010 [email protected], salut! update may 2013: seems like centos 2.6.32 backported the perf bug, lol. jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if you insist. / define GNUSOURCE 1 include...
dbus-glib pam_fprintd - Local Root Exploit
No description provided by source. / darklena. fprintd/pamfprintd local root PoC. However dbus-glib plays an important role. C 2013 Sebastian Krahmer, all rights reversed. pamfprintd uses net.reactivated.Fprint service to trigger finger swiping and registers DBUS signal inside the PAM...
Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3681/info The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions...
Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit
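Affected versions: Linux Kernel 3.3-3.8. CVE-ID: CVE-2013-1763. When the Linux kernel handles the netlink protocol, there is an out-of-bounds memory access; successful exploitation allows arbitrary code execution and local privilege escalation. The vulnerable code is as follows: static int sockdiagrcvmsgstruct skbuff skb, struct nlmsghdr nlh int err; struct sockdiagreq req = NLMSGDATAnlh; struct sockdiaghandler hndl; if nlmsglennlh sizeofreq return -EINVAL; hndl =...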
Linux Kernel 2.x - sock_sendpage() Local Root Exploit (Android Edition)
No description provided by source. Source for exploiting CVE-2009-2692 on Android; Hole is closed in Android kernels released August 2009 or later. orig: http://zenthought.org/content/file/android-root-2009-08-16-source back: http://www.exploit-db.com/sploits/android-root-20090816.tar.gz...