A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file. Note that Oracle Solaris CDE is based on the original CDE 1.x train, which is different from the CDE 2.x codebase that was later open sourced. Most notably, the vulnerable buffer in the Oracle Solaris CDE is stack-based, while in the open source version it is heap-based.
f61714fa339de224c3899e225d64a420A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that target files must be in a very specific format, exploitation of this flaw to escalate privileges in a realistic scenario is unlikely.
d43954458731660f576f082539a29af3SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.
55c1e1683127ba3a3c82c35279e5e6dbDebian Linux Security Advisory 4601-1 - It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.
693cc7f45920414191581d78799f2d01Microsoft Windows 10 UAC bypass local privilege escalation exploit.
16db619cfe3e07e3c53b9e243f5882b4Plantronics Hub version 3.13.2 suffers from a local privilege escalation vulnerability.
940f917a8a972290c818f9bafe30c592Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd.
6426b023a6749568c0e3de1d4ba2531aLocal root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.
fa32a042469b8505c6692ec2c13703e4A vulnerability exists in CA Client Automation that can allow a local attacker to gain escalated privileges. CA published solutions to address the vulnerability and recommends that all affected customers implement the applicable solution. The vulnerability, CVE-2019-19231, occurs due to insecure file access by the agent services. A local attacker may exploit this vulnerability to execute arbitrary commands with escalated privileges on an installation of the Client Automation agent. The Windows agent in CA Client Automation versions 14.0, 14.1, 14.2, and 14.3 are affected.
4c908b14b51fa900e872fe1a397e84c2The Deutsche Bahn Ticket Vending Machine suffers from a local kiosk privilege escalation vulnerability.
4376153b371da66bed953baa93a097beThis Metasploit module exploits two vulnerabilities to execute a command as an elevated user. The first (CVE-2019-1405) uses the UPnP Device Host Service to elevate to NT AUTHORITY\LOCAL SERVICE. The second (CVE-2019-1322) leverages the Update Orchestrator Service to elevate from NT AUTHORITY\LOCAL SERVICE to NT AUTHORITY\SYSTEM.
8771710762dc8716de0e038c77c98625FTP Commander Pro version 8.03 suffers from a local stack overflow vulnerability.
925505483680514fa64f204f5dad0883Qualys discovered a local privilege escalation in OpenBSD's dynamic loader (ld.so). This vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges. They developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.
5cd25d74e467c8f83e9ece30c0c6b982Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
ea9e9078ff2e175332f0095c60284458SpotAuditor version 5.3.2 Base64 local buffer overflow SEH exploit.
67c769fde0bc2d49be93a7f6690b9476Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities.
d6969e8f9fe831e7159e05c1c9e6aa26Ubuntu Security Notice 4194-2 - USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM. Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
cc0a41edc0113de4656d0b2fdb8c6538Ubuntu Security Notice 4210-1 - It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
2dffe6f365bbfab733df27756d97d663Ubuntu Security Notice 4211-1 - Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
c3d12483858f3736b29e481ef759a4b9Ubuntu Security Notice 4211-2 - USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
fad8472da76f2823f7e48fc875f70f76Ubuntu Security Notice 4208-1 - Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
f54701b90a79c629aed1748d3b7462c2Ubuntu Security Notice 4209-1 - Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
1c2085746e123492f42ae3e8716e4219Whitepaper called Remote File Inclusion / Local File Inclusion Attack and Defense Techniques. This paper focuses on PHP-based attacks.
34f21e6ac1aa7a3653bb417dc20e8aafGNU Mailutils versions 2.0 through 3.7 suffer from a local privilege escalation vulnerability.
3cd7ca09d51964b1583d6172f508e129Debian Linux Security Advisory 4568-1 - Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
d197437ba4eb0f0378e07f5635ab426b
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed