This module exploits a privilege escalation vulnerability in Panda Internet Security.
This module exploits a privilege escalation vulnerability in the AppFlt.sys driver of Panda Global Protection. The vulnerable driver trusts some values passed from user mode via IOCTL 0x06660E1C, which can be leveraged to corrupt memory in the kernel address space. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges.
The PAM MOTD module in Ubuntu does not correctly handle path permissions when creating user file stamps. A local attacker can exploit this to gain root privileges.
The VBoxSF.sys driver is a component of VirtualBox Guest Additions, which is in charge of providing the 'Shared Folders' feature offered by Oracle VirtualBox. This driver doesn't properly validate a pointer when handling the IOCTL_MRX_VBOX_DELCONN IoControl. This allows an unprivileged user in a Windows Guest OS with VirtualBox Guest Additions installed to gain SYSTEM privileges within the Guest OS. Note that this vulnerability can be exploited on Windows Guest operating systems with the Guest Additions installed, even when the 'Shared Folders' feature is not being used.
The Oracle VirtualBox Guest Additions Driver (VBoxGuest.sys) present in Oracle VirtualBox is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x22A040) to the vulnerable driver within the Windows Guest OS.
The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. An attacker running code within a Windows Guest OS can exploit these vulnerabilities in order to escape from the virtual machine and execute arbitrary code on the Host OS.
In the kernel code for the setitimer() system call, the 'which' parameter (a signed integer) is validated with the mistaken assumption that the value cannot be negative. Passing a negative value for this parameter results in writing into an array indexed with the 'which' parameter and overwriting memory outside the array. This exploit overwrites the credential structure of the current process to set the user id to 0 (root), then launches a new agent.
The nfds (number of file descriptors) argument to the select() system call is a signed integer. Bounds checking code in the kernel evaluates this argument in a signed context. By passing negative arguments it is possible to cause the kernel to copy a large amount of data from userspace into a buffer on the stack, overflowing the allocated space. This module exploits the vulnerability to lower the system security level to -1 and launches an agent with root privileges.
A vulnerability exists in the system component that handles the Virtual DOS Machine (VDM) subsystem. A local attacker may exploit this vulnerability in order to run code with elevated privileges, fully compromising the vulnerable computer. This module exploits that vulnerability to change the agent's process access token, gaining SYSTEM privileges.
This module exploits a vulnerability in Novell NetWare Client when handling a specially crafted IOCTL. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.