An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. This update adds support for Mac OS X (i386)
The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system.
An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered.
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process.
Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
This update improve the exploit reliability in windows 2003.
Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
This update improve the exploit reliability in windows 2003.
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
This module connects to Telephony Service and sends a message via lineSetAppPriorityW winapi32 producing a buffer overflow and installs an agent.
This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process.
Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.