This module exploits a double-free vulnerability in the Linux Kernel. The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to escalate privileges via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
This module exploits a vulnerability in win32k.sys by loading a Printer Font Metric (PFM) file associated to an empty Printer Font Binary (PFB) file.
This module exploits a signedness issue in the Linux Kernel. The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to escalate privileges. This module performs a CAP_NET_ADMIN to root privilege escalation.
This module exploits a vulnerability in Sparklabs Viscosity. By abusing a configuration channel between the application and the underlying service, an attacker can trigger the loading of a DLL from a path under his control, gaining SYSTEM privileges.
This module exploits a vulnerability in the IRemUnknown2 COM interface, an attacker can abuse the fact that the local unmarshaled proxy can be for a different interface to that requested by QueryInterface resulting in a type confusion, which can be leveraged to elevate privileges.
This module exploits a race condition vulnerability in the Linux Kernel via AF_PACKET sockets.
The CG6Service Service has the SetPeLauncherState method which allows a user to launch a debugger automatically for a determined process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process.
This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu, a local attacker can trigger a kernel arbitrary right, resulting in elevated privileges.
Samsung Security Manager is prone to a privilege-escalation vulnerability that affects Apache Felix Gogo runtime. Due to an insecure default installation of the runtime, an attacker could then send commands that will be executed by the mentioned runtime. This module uses the previous vulnerability to inject an agent inside lsass.exe process.
This module exploits a vulnerability in Rivatuner's core (Rivatuner*.sys, RTCore*.sys), a driver used by hardware tweaking apps Rivatuner, MSI Afterburner, EVGA Precision X (and possibly others). During app operation, the driver is loaded and used to read and write physical memory, MSR registers, io ports, etc. This module abuses said functionality to escalate privileges.