Linux Kernel 2.6 < 2.6.19 - (32bit) ip_append_data() ring0 Root Exploit
No description provided by source. 0x82-CVE-2009-2698: Linux kernel 2.6 < 2.6.19 (32bit) ip_append_data() local ring0 root exploit. Tested: White Box 4 (2.6.9-5.ELsmp), CentOS 4.4 (2.6.9-42.ELsmp), CentOS 4.5 (2.6.9-55.ELsmp), Fedora Core 4 (2.6.11-1.1369FC4smp), Fedora Core 5 (2.6.15-1.2054FC5), Fedora Core...
Apple MACOS X xnu <= 1228.9.59 Local Kernel Root Exploit
No description provided by source. xnu-workq-v2-64.c Copyright (c) 2008 by [email protected] Apple MACOS X xnu <= 1228.9.59 local kernel root exploit by mu-b - Sat 16 Feb 2008 - Tested on: Apple MACOS X 10.5.1 xnu-1228.0.21/RELEASEI386 Apple MACOS X 10.5.2 xnu-1228.3.131/RELEASEI386...
Adobe Version Cue 1.0/1.0.1 - (-lib) Local Root Exploit (OSX)
No description provided by source. / Adobe Version Cue VCNativeOSX: local root exploit. dyld by: vade79/v9 [email protected] fakehalo/realhalo Adobe Version Cue's VCNative program allows un-privileged local users to load arbitrary librariesbundles while running setuid root. this is done via the -lib...
Solaris 2.6/7.0/8 netpr Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have been confirmed as...
Linux Kernel 2.x - sock_sendpage() Local Root Exploit (2)
No description provided by source. Linux NULL pointer dereference due to incorrect proto_ops initializations. Quick and dirty exploit for this one: http://www.frasunek.com/protoops.tgz back:...
McAfee VirusScan for Mac (Virex) <= 7.7 - Local Root Exploit
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom Following symlinks is bad mmmmmmmmmmkay! $dest = /var/cron/tabs/root; $tgts0 = Virex 7.7.dmg:/Library/Application Support/Virex/VShieldExclude.txt\ ; unless $target = @ARG...
Tunnelblick - Local Root Exploit
No description provided by source. Pwnnel Blicker (zx2c4). Tunnel Blick, a widely used OpenVPN manager for OSX comes with a nice SUID executable that has more holes than you care to count. It's a treasure chest of local roots. I picked one that looked...
Linux Kernel < 2.4.20 Module Loader Local Root Exploit
No description provided by source. / Linux Kernel Module Loader Local R00t Exploit Up to 2.4.20 By anonymous KuRaK include stdio.h include stdlib.h include signal.h include fcntl.h include errno.h include unistd.h include sys/types.h include sys/stat.h include sys/ptrace.h include sys/wait.h...
Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit
No description provided by source. !/usr/bin/env python rocksumountdirty.py: Rocks release =4.1 local root exploit quick and nasty version of the exploit. make sure the . is writable and you clean up afterwards. ; coded by: [email protected] http://xavsec.blogspot.com x=import'os';c=x.getcwd...
Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit
No description provided by source. Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit http://www.exploit-db.com/sploits/2008-ypk2008.tar.gz milw0rm.com 2008-03-20...
Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit (x86/x64)
No description provided by source. second verse, same as the first CVE-2009-2698 udp_sendmsg, x86/x64 Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at NULL and finding it executed This exploit is a bit more nuanced and thoughtful ; use ./therebel.sh for everything At this...
QNX RTOS 6.1 PKG-Installer Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4918/info It has been reported that the pkg-installer utility for QNX is vulnerable to a buffer overflow condition. The vulnerability is a result of an unbounded string copy of the argument to the -U commandline option of...
wu-ftpd 2.6.0 - Remote Root Exploit
No description provided by source. / c 2000 venglin / b0f http://b0f.freebsd.lublin.pl WUFTPD 2.6.0 REMOTE ROOT EXPLOIT 22/06/2000, updated: 05/08/2000 Idea and preliminary version of exploit by tf8 Greetz: Lam3rZ, TESO, ADM, lcamtuf, karpio. Dedicated to ksm. PRIVATEDONOTDISTRIBUTE / include...
Linux Kernel 2.4.22 "do_brk()" local Root Exploit (PoC)
No description provided by source. Christophe Devine devine at cr0.net and Julien Tinnes julien at cr0.org. This exploit uses sys_brk directly to expand his break and doesn't rely on the ELF loader to do it. To bypass a check in sys_brk against available memory, we use a high virtual...
FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit
No description provided by source. FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread...
Mac OS X <= 10.4.7 Mach Exception Handling Local Root Exploit
No description provided by source. / excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated, to make sure unauthorize...
Openswan <= 2.4.12/2.6.16 Insecure Temp File Creation Root Exploit
No description provided by source. !/bin/bash uglyswan - OpenSwan local root exploit CVE-2008-4190 description: The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the ...
X.Org xorg-x11-xfs <= 1.0.2-3.1 - Local Race Condition Exploit
No description provided by source. #!/bin/sh Xorg-x11-xfs Race Condition Vuln local root exploit CVE-2007-3103 Another lame xploit by vl4dZ : works on redhat el5 and before $ id uid=1001(kecos) gid=1001(user) groups=1001(user) $ sh xfs-RaceCondition-root-exploit.sh Generate large data file in...
Seagate BlackArmor - Root Exploit
No description provided by source...
YepYep MTFTPD 0.2/0.3 - Remote CWD Argument Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12947/info mtftpd is reported prone to a remote format string vulnerability. Reports indicate that this issue may be exploited by a remote authenticated attacker to execute arbitrary code in the context of the vulnerable...