10 matches found
CVE-2015-1117
CVE-2015-1117 affects Apple platforms: iOS before 8.3, OS X before 10.10.3, and Apple TV before 7.2. The kernel setreuid/setregid system-call implementations fail to drop privileges, enabling code execution with unintended user/group privileges via a crafted app. Remediation is to upgrade to the ...
CVE-2015-1117
The 1 setreuid and 2 setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted a...
Apple iOS setreuid and setregid call elevation of privilege vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security building exists in the Apple iOS kernel setreuid and setregid, due to the Apple iOS kernel failing to properly drop privileges. A local attacker can exploit the vulnerability to elevate...
XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8296/info XBlast is contains a locally exploitable buffer overflow vulnerability due to insufficient bounds checking of data supplied via the HOME environment variable. Successful exploitation would allow a local user to...
Linux x86_64 - add user with passwd (189 bytes)
No description provided by source. ;scadduser01.S ;Arch: x8664, Linux ; ;Author: 0o -- nullnull ; nu11.nu11 at yahoo.com ;Date: 2012-03-05 ; ;compile an executable: nasm -f elf64 scadduser.S ; ld -o scadduser scadduser.o ;compile an object: nasm -o scadduserobj scadduser.S ; ;Purpose: adds user...
Linux x86_64 - add user with passwd 189 bytes
Linux x8664 - add user with passwd 189 bytes. Shellcode exploit for linx86-64 platform ;scadduser01.S ;Arch: x8664, Linux ; ;Author: 0o -- nullnull ; nu11.nu11 at yahoo.com ;Date: 2012-03-05 ; ;compile an executable: nasm -f elf64 scadduser.S ; ld -o scadduser scadduser.o ;compile an object: nasm...
Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode
Solaris/SPARC - setreuidgeteuid + setregidgetegid + execve/bin/sh Shellcode. Shellcode exploit for SolarisSPARC platform / Solaris shellcode - setreuidgeteuid, setregidgetegid, execve /bin/sh Claes M. Nyberg 20020124 , / include static char solariscode = / geteuid / "\x82\x10\x20\x18" / mov 24, %...
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes
Exploit for linux/x86 platform in category shellcode ================================================= linux/x86 execve /bin/sh setreuid12,12 50 bytes ================================================= / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12...
linux/x86 execve /bin/sh setreuid12,12 50 bytes
linux/x86 execve /bin/sh setreuid12,12 50 bytes. Shellcode exploit for linx86 platform / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include char c0de = / main: / / setregid12, 12; / "\x29\xc0" / subl %eax, %eax / "\xb0\x47" / movb $71, %a...
linux/x86 execve /bin/sh setreuid(12 12) 50 bytes
No description provided by source. / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include stdio.h char c0de = / main: / / setregid12, 12; / "\x29\xc0" / subl %eax, %eax / "\xb0\x47" / movb $71, %al / "\x29\xdb" / subl %ebx, %ebx / / Here's...