An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. A local unprivileged user who successfully exploited this vulnerability could execute arbitrary code with SYSTEM privileges. This module exploits this vulnerability to deploy an agent that runs with SYSTEM privileges.
This module exploits a vulnerability in the Linux kernel. The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process on kernels built with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows overlayfs to be mounted inside unprivileged mount namespaces.
The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process running on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system. This vulnerability is also known as VENOM.
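The defect class described above, as an added illustrative model written for this page (it is not QEMU's fdc.c): a controller keeps a fixed-size FIFO and a running write index, the guest feeds one byte per data-port write, and a command handler that returns early without resetting the index lets every following byte land one slot further, until it leaves the buffer. The model records an out-of-bounds write instead of performing it so it is safe to run; FIFO_SIZE, the opcode value and the command length are assumptions chosen for the model.

```c
/* Constructed model of a "forgot to reset the FIFO index" defect.
 * Not QEMU code; sizes and opcode values are assumptions for the model. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

#define FIFO_SIZE           16     /* assumption: small buffer for the model */
#define CMD_DRIVE_SPEC      0x8e   /* assumption: opcode value for the model */
#define CMD_DRIVE_SPEC_LEN  5      /* assumption: opcode + 4 parameter bytes */

typedef struct {
    uint8_t fifo[FIFO_SIZE];
    size_t  data_pos;    /* next write position in fifo */
    size_t  data_len;    /* bytes the current command expects (0 = idle) */
    bool    overflowed;  /* set instead of corrupting memory */
} fdctrl_t;

static void fdctrl_reset_fifo(fdctrl_t *f) { f->data_pos = 0; f->data_len = 0; }
static void fdctrl_init(fdctrl_t *f)       { memset(f, 0, sizeof *f); }

/* Vulnerable handler: one branch (high bits of the last parameter set)
 * returns early and leaves data_pos where it was. */
static void handle_drive_spec_vuln(fdctrl_t *f)
{
    if (f->fifo[f->data_pos - 1] & 0xc0)
        return;                      /* BUG: index not reset on this path */
    fdctrl_reset_fifo(f);
}

/* Fixed handler: every exit path resets the FIFO state. */
static void handle_drive_spec_fixed(fdctrl_t *f)
{
    if (f->fifo[f->data_pos - 1] & 0xc0) {
        fdctrl_reset_fifo(f);
        return;
    }
    fdctrl_reset_fifo(f);
}

typedef void (*handler_fn)(fdctrl_t *);

/* One guest write to the data port. Returns false if the write would land
 * outside the FIFO (where the real bug corrupts the heap). Dispatch uses
 * an equality test, as controllers commonly do: once data_pos has moved
 * past data_len without a reset, the handler never runs again and the
 * index just keeps climbing. */
static bool fdctrl_write_data(fdctrl_t *f, uint8_t value, handler_fn drive_spec)
{
    if (f->data_pos >= FIFO_SIZE) {
        f->overflowed = true;
        return false;
    }
    f->fifo[f->data_pos++] = value;

    if (f->data_len == 0) {               /* first byte is the opcode */
        if (value == CMD_DRIVE_SPEC) {
            f->data_len = CMD_DRIVE_SPEC_LEN;
        } else {
            fdctrl_reset_fifo(f);         /* unknown command: discard */
            return true;
        }
    }
    if (f->data_pos == f->data_len)
        drive_spec(f);
    return true;
}

/* Feed `total` bytes of a guest stream that repeats a DRIVE SPECIFICATION
 * command whose last parameter takes the early-exit branch. Returns how
 * many bytes were accepted before an out-of-bounds write, or `total`. */
static size_t feed_guest_stream(handler_fn h, size_t total)
{
    static const uint8_t cmd[CMD_DRIVE_SPEC_LEN] = { CMD_DRIVE_SPEC, 0, 0, 0, 0xc0 };
    fdctrl_t f;
    fdctrl_init(&f);
    for (size_t i = 0; i < total; i++) {
        if (!fdctrl_write_data(&f, cmd[i % CMD_DRIVE_SPEC_LEN], h))
            return i;
    }
    return total;
}

int main(void)
{
    printf("vulnerable handler: %zu bytes accepted before overflow\n",
           feed_guest_stream(handle_drive_spec_vuln, 64));
    printf("fixed handler:      %zu bytes accepted\n",
           feed_guest_stream(handle_drive_spec_fixed, 64));
    return 0;
}
```

With the vulnerable handler the stream stops being safe after exactly FIFO_SIZE bytes, independent of how many commands preceded it; with the fixed handler the guest can send as many commands as it likes. The practitioner's takeaway is the audit question: does every exit path of every command handler restore the buffer cursor, and is the cursor masked or bounds-checked at the point of the write regardless?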
This module exploits a local privilege escalation vulnerability in certain packages shipped with Sun xVM VirtualBox for the Linux platform. After successful exploitation an agent running as root will be installed.
The /opt/cma/bin/clear_keys.pl Perl script in Sophos Web Protection Appliance, which the 'spiderman' user can execute via sudo without a password, is prone to an OS command injection vulnerability: its close_connections() function does not escape the script's second argument before interpolating it into a string that is executed as a shell command using backticks. This vulnerability can be abused to escalate privileges within the appliance from 'spiderman' to root.
A vulnerability has been identified in HP Linux Imaging and Printing System (HPLIP) which could be exploited by remote attackers to install an agent with root privileges. The issue is caused by an input validation error in the hpssd daemon, which does not validate user-supplied data before passing it to a "popen3()" call; a malicious user can therefore inject and execute arbitrary commands.
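The two entries above (the Sophos clear_keys.pl backticks and the HPLIP popen3() call) are the same defect: an attacker-controlled string is spliced into a command line that is then handed to /bin/sh, so shell metacharacters in the string become shell syntax. The following is an added example written for this page, not code from either product; it reproduces the bug in C with popen() beside the fix, which execs the program directly with an argv vector so the argument can only ever be a single literal. It assumes a POSIX system with /bin/echo available, and ATTACK_ARG is a constructed input.

```c
/* Constructed example: shell command injection via popen() vs. execv().
 * Not code from Sophos or HPLIP; assumes POSIX and /bin/echo. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define OUT_MAX 256
/* Constructed attacker input: a key name followed by a second command. */
static const char *ATTACK_ARG = "key1; echo INJECTED";

/* Read a child's stdout from fd into out (NUL-terminated); returns bytes read. */
static size_t slurp(int fd, char *out, size_t cap)
{
    size_t n = 0;
    ssize_t r;
    while (n + 1 < cap && (r = read(fd, out + n, cap - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    return n;
}

/* VULNERABLE: the argument is interpolated into a command string and run
 * through /bin/sh -c by popen(), exactly like backticks or popen3(). */
static size_t run_echo_popen(const char *arg, char *out, size_t cap)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "/bin/echo %s", arg);   /* no escaping */
    FILE *p = popen(cmd, "r");
    if (!p) { out[0] = '\0'; return 0; }
    size_t n = slurp(fileno(p), out, cap);
    pclose(p);
    return n;
}

/* FIXED: no shell involved; arg becomes argv[1] of /bin/echo verbatim. */
static size_t run_echo_execv(const char *arg, char *out, size_t cap)
{
    int pipefd[2];
    if (pipe(pipefd) != 0) { out[0] = '\0'; return 0; }
    pid_t pid = fork();
    if (pid < 0) { out[0] = '\0'; return 0; }
    if (pid == 0) {
        dup2(pipefd[1], STDOUT_FILENO);
        close(pipefd[0]);
        close(pipefd[1]);
        char *argv[] = { "/bin/echo", (char *)arg, NULL };
        execv("/bin/echo", argv);
        _exit(127);
    }
    close(pipefd[1]);
    size_t n = slurp(pipefd[0], out, cap);
    close(pipefd[0]);
    waitpid(pid, NULL, 0);
    return n;
}

/* Did the injected second command actually run? 1 if a line is exactly "INJECTED". */
static int injection_fired(const char *out)
{
    return strstr(out, "\nINJECTED\n") != NULL;
}

/* Returns 1 if the popen() path executed the injected command. */
static int demo_vulnerable(void)
{
    char out[OUT_MAX];
    run_echo_popen(ATTACK_ARG, out, sizeof out);
    return injection_fired(out);
}

/* Returns 1 if the execv() path executed the injected command (it must not). */
static int demo_fixed(void)
{
    char out[OUT_MAX];
    run_echo_execv(ATTACK_ARG, out, sizeof out);
    return injection_fired(out);
}

int main(void)
{
    printf("popen path injected: %d\n", demo_vulnerable());
    printf("execv path injected: %d\n", demo_fixed());
    return 0;
}
```

The popen() path prints "key1" and then "INJECTED" on its own line, because the shell split the string at the semicolon; the execv() path prints the whole string "key1; echo INJECTED" as one argument. Escaping the argument (the fix Sophos' close_connections() lacked) is the weaker remedy, since it must be right for every metacharacter the shell understands; removing the shell from the call path removes the problem class.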