Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted mount or nmount system call, related to copying of "user defined data" in "certain error conditions".

This module exploits a vulnerability in FreeBSD. The FreeBSD virtual memory system allows files to be memory-mapped. All or parts of a file can be made available to a process via its address space. The process can then access the file using memory operations rather than filesystem I/O calls. Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access.

A local user can invoke sendfile system call, with certain options to execute arbitrary code and gain privileged access.

Remote attackers can exploit this issue to execute arbitrary code with super-user privileges, compromising the security of the affected computers.

The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets.Some function pointers for netgraph and bluetooth sockets are not properly initialized. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted "socket()" system call, and allows an unprivileged process to elevate privileges to root or escape a FreeBSD jail.

This module exploits a kernel memory corruption in the Linux compatibility layer.

This module exploits a vulnerability in ESET Smart Security EPFW.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.

This module exploits a vulnerability in ElbyCDIO.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.

This module exploits a vulnerability in OpenBSD crontab entries that allow arbitrary commands execution as root. To exploit the vulnerability this exploit will create an agent in the target filesystem which will be automatically executed later (with root privileges) by a crontab vulnerable security entry (/etc/daily | mail). Once the agent gets executed, it is possible to connect to it. If the exploit succeeds, a new agent will be installed with root privileges.

Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.