The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.



This update adds the 'one-shot' tag to the XML of the module.

Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port, allowing local users to gain elevated privileges.

This update adds support for Windows 2008.

Incorrect assumptions in the support code of legacy 16bit applications in Microsoft Windows operating systems allows local users to gain system privileges via the "NtVdmControl" system call. This module exploits the vulnerability and installs an agent with system privileges.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port. That can be exploited by local users to gain elevated privileges.

OpenBSD is prone to a local denial-of-service vulnerability.

XMM exceptions are not correctly handled, resulting in a kernel panic.

This update fixes a documentation issue regarding supported platforms.

This module exploits a vulnerability in Anti keylogger elite when the 0x002224A4 function is invoked with a specially crafted parameter. The IOCTL 0x002224A4 handler in the AKEProtect.sys device driver in Anti Keylogger Elite allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges.



This update improves the checks to verify whether the vulnerable application is installed or not.

This module exploits a vulnerability in Microsoft Windows via a specially crafted call to the vulnerable function.



WARNING: This is an early release module. This is not the final version of this module.

It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations.

Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket