The CorsairLLAccess64.sys driver before 3.25.60 in CORSAIR iCUE exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges.
This module exploits a win32k component vulnerability that can be exploited to execute arbitrary code with System privileges. It works until the KB4507004 update (2019/07/08) and is patched in KB4507449, the Security Monthly Quality Rollup for Windows 7 x64-based Systems (2019/07/09).
The vulnerability allows reading and writing arbitrary memory locations, and consequently gaining NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
The -u parameter of sudo can be used to specify a user id if preceded by '#'. This module exploits a flaw in how that parameter is handled: when the id -1 is provided, sudo will run the command as root even if it is restricted in the sudoers file. For this exploit to work, there must be at least one directive in the sudoers file that allows a non-privileged user to run a command as any user; by exploiting the flaw, this command can then be run as root. Depending on the configured commands inside the sudoers file, a new privileged agent can be deployed using only those commands. This exploit currently supports deploying the agent when vi or vim are allowed by a directive.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Gets SYSTEM privileges by exploiting two vulnerabilities (CVE-2019-1405 / CVE-2019-1322). The first one allows us to get NT AUTHORITY/SERVICE using a method of a COM Object from UPnP Device Host Service. Then, with NT AUTHORITY/SERVICE privileges, we elevate to NT AUTHORITY/SYSTEM with CVE-2019-1322.
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker).
This module exploits a vulnerability in FreeBSD. A bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present, thereby allowing a malicious user in the operator group to gain root privileges.
This module exploits a Check Point Endpoint Security Initial Client vulnerability that can execute arbitrary code with System privileges.
This module exploits a vulnerability in Edge, getting Full Control over a file. This can be exploited to execute arbitrary code with System privileges.