This module exploits a race condition vulnerability in the Linux Kernel via AF_PACKET sockets.
The CG6Service Service has the SetPeLauncherState method which allows a user to launch a debugger automatically for a determined process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process.
This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu, a local attacker can trigger a kernel arbitrary right, resulting in elevated privileges.
Samsung Security Manager is prone to a privilege-escalation vulnerability that affects Apache Felix Gogo runtime. Due to an insecure default installation of the runtime, an attacker could then send commands that will be executed by the mentioned runtime. This module uses the previous vulnerability to inject an agent inside lsass.exe process.
This module exploits a vulnerability in Rivatuner's core (Rivatuner*.sys, RTCore*.sys), a driver used by hardware tweaking apps Rivatuner, MSI Afterburner, EVGA Precision X (and possibly others). During app operation, the driver is loaded and used to read and write physical memory, MSR registers, io ports, etc. This module abuses said functionality to escalate privileges.
This module exploits a race condition vulnerability in the Linux Kernel via MAP_PRIVATE COW. The bug relies in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
The vulnerability resides in parsing crafted PowerPoint documents and produces a Buffer Overflow in the stack. This module was tested on the Symantec Endpoint Manager version 12.1.4013.4013. Other versions may be are vulnerable too.
This module exploits a vulnerability in win32k.sys by creating special Windows menus with crafted parameters.
This module exploits a design flaw in Microsoft Windows. By spoofing NBNS responses, an unprivileged user can abuse a local HTTP->SMB credentials reflection vulnerability to install an agent. If that approach fails, on supported platforms the exploit falls back to a local WEBDAV->SMB credential reflection (MS16-075).
Pagination
- Previous page
- Page 20
- Next page