11 matches found
InsomniaX 2.1.8 Arbitrary Kernel Extension Loading Vulnerability
It was found that the loader application bundled with InsomniaX can be used to load arbitrary Kernel Extensions kext. The loader is normally used to load a kext file that is needed to disable the Lid Sleep. A flaw has been found in the loader that allows a local attacker to load or unload any...
WordPress Simple Ads Manager 2.9.8.125 PHP Object Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Yorick...
VMware product updates address multiple important security issues
a. DLL hijacking issue in Windows-based VMware Tools A DLL hijacking vulnerability is present in the VMware Tools "Shared Folders" HGFS feature running on Microsoft Windows. Exploitation of this issue may lead to arbitrary code execution with the privileges of the victim. In order to exploit this...
VMSA-2016-0010:VMware product updates address multiple HIGH security issues
VMSA-2016-0010.1 VMware product updates address multiple important security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0010.1 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address multiple security issue...
Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)
require 'zip' require 'base64' require 'msf/core' require 'rex/ole' class MetasploitModule 'Office OLE Multiple DLL Side Loading Vulnerabilities', 'Description' = %q Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading various...
Cisco AnyConnect 3.1.08009 - Local Privilege Escalation (via DMG Install Script)
Cisco AnyConnect 3.1.08009 - Local Privilege Escalation via DMG Install Script / Cisco AnyConnect elevation of privileges via DMG install script - proof of concept Yorick Koster, July 2015 https://securify.nl/advisory/SFY20150701/ciscoanyconnectelevationofprivilegesviadmginstallscript.html based ...
Cisco Small Business RV Series Routers HTTP Referer Header Vulnerability
A vulnerability in the administrative web interface of the Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to perform a cross-site...
yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities
------------------------------------------------------------------------ yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities ------------------------------------------------------------------------ Yorick Koster, June 2009...
PulseAudio (setuid) Priv. Escalation Exploit (ubu/9.04)(slack/12.2.0)
Exploit for linux platform in category local exploits ===================================================================== PulseAudio setuid Priv. Escalation Exploit ubu/9.04slack/12.2.0 ===================================================================== PulseAudio setuid Local Privilege...
PulseAudio (setuid) Priv. Escalation Exploit (ubu/9.04)(slack/12.2.0)
No description provided by source. PulseAudio setuid Local Privilege Escalation Vulnerability http://www.securityfocus.com/bid/35721 Credit for discovery of bug: Tavis Ormandy, Julien Tinnes and Yorick Koster -- Put files in /tmp/pulseaudio-exp or change config.h. Must be on same fs as the...
Ubuntu 8.04 LTS / 8.10 / 9.04 : pulseaudio vulnerability (USN-804-1)
Tavis Ormandy, Julien Tinnes, and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...