This module exploits a "win32k.sys" integer overflow in Windows kernel by calling to "PathToRegion" function with crafted parameters.
The Admin framework in Apple OS X contains a hidden backdoor API to gain root privileges. A local user can exploit this flaw in the checking of XPC entitlements.
This module exploits a vulnerability in "Windows Secondary Logon Service" when it fails to properly manage request handles in memory. As a result, a system thread handle is obtained.
Exim installations compiled with Perl support do not perform sanitation of the environment before loading a perl script defined with perl_startup setting in exim config file. This can be exploited by malicious local attackers to gain root privileges.
This module exploits a vulnerability in the NVIDIA Stereoscopic 3D Driver Service. It will wait for users to login on the target system, installing agents for every user, until being able to install an agent for a user in the Built In Administrators group.
The Adobe updater service, armsvc, exposes 2 service codes and a shared memory section. Those elements combined, allow a local attacker to execute code as SYSTEM.
The join_session_keyring() function in security/keys/process_keys.c in the Linux kernel is prone to a reference counter overflow that occurs when a process repeatedly tries to join an already existing keyring. This vulnerability can be leveraged by local unprivileged attackers to gain root privileges on the affected systems.
This module exploits a vulnerability present in Mac OS X. dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain root privileges via the DYLD_PRINT_TO_FILE environment variable.
The EnableNetwork method in the org.blueman.Mechanism D-Bus service of Blueman, a Bluetooth Manager, receives untrusted Python code provided by unprivileged users and evaluates it as root. This can be leveraged by a local unprivileged attacker to gain root privileges.
This module exploits a vulnerability in win32k.sys by calling to SetParent function with crafted parameters.