The PulseAudio reload functionality has an exploitable race condition vulnerability. The executable file pulseaudio is seteuid root, so exploiting this bug allows an attacker to gain root privileges. This module uploads a binary exploit to the target machine and executes it with different parameters to try to exploit the vulnerability. As race conditions are sensitive to hardware and CPU load changes, this module may fail on some vulnerable machines.
The internal stack may be overrun using the controls module with a specially crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. Exploitation requires a valid local user with access to the controls socket. After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the FTP server. However, the euid (as opposed to the uid) of the agent may not be that of the superuser (it is usually "nobody"), and by using the setuid module (see setuid module documentation), it can be changed to zero (root). This exploit may cause a Denial of Service on the target ProFTPD server.
This module exploits a local race-condition vulnerability in PolicyKit, which allows local users to execute arbitrary code with root privileges.
This module exploits a buffer overflow vulnerability in the RKPavProc.sys driver of Panda Internet Security when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges.
This module exploits a privilege escalation vulnerability in Panda Internet Security.
This module exploits a privilege escalation vulnerability in the AppFlt.sys driver of Panda Global Protection. The vulnerable driver trusts some values passed from user mode via IOCTL 0x06660E1C, which can be leveraged to corrupt memory in the kernel address space. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges.
The PAM MOTD module in Ubuntu does not correctly handle path permissions when creating user file stamps. A local attacker can exploit this to gain root privileges.
The VBoxSF.sys driver is a component of VirtualBox Guest Additions, which is in charge of providing the 'Shared Folders' feature offered by Oracle VirtualBox. This driver doesn't properly validate a pointer when handling the IOCTL_MRX_VBOX_DELCONN IoControl. This allows an unprivileged user in a Windows Guest OS with VirtualBox Guest Additions installed to gain SYSTEM privileges within the Guest OS. Note that this vulnerability can be exploited on Windows Guest operating systems with the Guest Additions installed, even when the 'Shared Folders' feature is not being used.
The Oracle VirtualBox Guest Additions Driver (VBoxGuest.sys) present in Oracle VirtualBox is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x22A040) to the vulnerable driver within the Windows Guest OS.
The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. An attacker running code within a Windows Guest OS can exploit these vulnerabilities in order to escape from the virtual machine and execute arbitrary code on the Host OS.