Lucene search
+L

138 matches found

Gitee
Gitee
added 2020/09/10 11:10 p.m.8 views

ios-resources

PoC exploit for iOS device. The primary CVE ID is not explicitly mentioned, but the repository contains resources for iOS hacking, including ARMv8 instruction set documentation and assembly language crash course. The target product/service is the iOS operating system, and the vulnerability...

6.7AI score
Exploits0
Oracle linux
Oracle linux
added 2020/05/05 12:0 a.m.66 views

glibc security, bug fix, and enhancement update

2.28-101.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

3.3CVSS5.6AI score0.00409EPSS
Exploits0
Veracode
Veracode
added 2020/04/10 12:54 a.m.31 views

Denial Of Service (DoS)

glibc is vulnerable to privilege escalation. It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LDAUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use...

6.9CVSS2.8AI score0.08747EPSS
Exploits20References25Affected Software1
Veracode
Veracode
added 2020/04/10 12:49 a.m.33 views

Privilege Escalation

glibc is vulnerable to privilege escalation. The vulnerability exists as it was discovered that the glibc dynamic linker/loader did not perform sufficient safety checks when loading dynamic shared objects DSOs to provide callbacks for its auditing API during the execution of privileged programs. ...

7.2CVSS4.4AI score0.09454EPSS
Exploits24References28Affected Software1
Positive Technologies
Positive Technologies
added 2020/03/20 12:0 a.m.10 views

PT-2020-19976 · Nextcloud · Nextcloud Desktop Client

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 2.6.2 Description: A code injection issue allows loading arbitrary code when starting the client with DYLD INSERT LIBRARIES set in the environment. Recommendations: For Nextcloud Desktop Client version 2.6.2, ...

6.7CVSS6.8AI score0.00689EPSS
Exploits1References6
OSV
OSV
added 2019/12/12 1:15 a.m.3 views

CVE-2019-19726

OpenBSD through 6.6 allows local users to escalate to root because a check for LDLIBRARYPATH in setuid programs can be defeated by setting a very small RLIMITDATA resource limit. When executing chpass or passwd which are setuid root, dlsetupenv in ld.so tries to strip LDLIBRARYPATH from the...

7.8CVSS7.2AI score0.03522EPSS
Exploits12References9
Kitploit
Kitploit
added 2019/12/01 9:1 p.m.78 views

Goblin - An Impish, Cross-Platform Binary Parsing Crate, Written In Rust

Documentation https://docs.rs/goblin/ changelog Usage Goblin requires rustc 1.31.1. Add to your Cargo.toml dependencies goblin = "0.1" Features awesome crate name zero-copy, cross-platform, endian-aware, ELF64/32 implementation - wow! zero-copy, cross-platform, endian-aware, 32/64 bit Mach-o pars...

7AI score
Exploits0References41
Oracle linux
Oracle linux
added 2018/06/25 12:0 a.m.102 views

glibc security and bug fix update

2.12-1.212.0.1 - backport rh patch 1047983 from OL7, Orabug 25407655 2.12-1.212 - CVE-2017-15670: glob: Fix one-byte overflow with GLOBTILDE 1504810 - CVE-2017-15804: glob: Fix buffer overflow in GLOBTILDE unescaping 1504810 2.12-1.211 - Avoid large allocas in the dynamic linker 1452717 2.12-1.21...

9.8CVSS3.6AI score0.02977EPSS
Exploits0
0day.today
0day.today
added 2018/04/01 12:0 a.m.81 views

glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation Exploit

Exploit for linux platform in category local exploits require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule 'glibc LDAUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on...

7.2CVSS6.5AI score0.09454EPSS
Exploits35
0day.today
0day.today
added 2018/02/10 12:0 a.m.549 views

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...

7.2CVSS0.4AI score0.09454EPSS
Exploits35
Packet Storm
Packet Storm
added 2018/02/10 12:0 a.m.71 views

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule 'glibc LDAUDIT Arbitrary DSO Load Privilege Escalation', 'Description' = %q...

7.2CVSS6.7AI score0.09454EPSS
Exploits35
Packet Storm
Packet Storm
added 2018/02/10 12:0 a.m.49 views

glibc '$ORIGIN' Expansion Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule "glibc '$ORIGIN' Expansion Privilege Escalation", 'Description' = %q This...

6.9CVSS6.7AI score0.08747EPSS
Exploits20
Metasploit
Metasploit
added 2018/02/09 9:15 p.m.79 views

glibc '$ORIGIN' Expansion Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid executables which...

6.9CVSS7.6AI score0.08747EPSS
Exploits20
Metasploit
Metasploit
added 2018/01/28 5:11 a.m.120 views

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid executables...

7.2CVSS7.4AI score0.09454EPSS
Exploits35
Tenable Nessus
Tenable Nessus
added 2018/01/24 12:0 a.m.43 views

Fedora 27 : glibc (2018-7714b514e2)

This update addresses two security vulnerabilities : - CVE-2017-16997: Check for empty tokens before dynamic string token expansion in the dynamic linker, so that pre-existing privileged programs with $ORIGIN rpaths/runpaths do not cause the dynamic linker to search the current directory,...

9.3CVSS7.6AI score0.13368EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2018/01/24 12:0 a.m.43 views

Fedora 26 : glibc (2018-8e27ad96ed)

This update addresses two security vulnerabilities : - CVE-2017-15670, CVE-2017-15671, CVE-2017-15804: Various vulnerabilities could lead to memory corruption in the glob and glob64 function. RHBZ1505298, RHBZ1504807 - CVE-2017-16997: Check for empty tokens before dynamic string token expansion i...

9.8CVSS6.9AI score0.13368EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.28 views

Fedora 27 : glibc (2017-828f8a8fc6)

This update addresses RHBZ1468837, which caused bash to lack job control in mock chroots. Note that glibc inside the chroot needs to be upgraded for the fix to be effective. In additon, two dynamic linker issues where fixed which are not security bugs, but received CVE IDs nevertheless RHBZ152486...

7.8CVSS7.1AI score0.0145EPSS
Exploits6References3
Prion
Prion
added 2017/12/12 7:29 p.m.31 views

Remote code execution

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc...

6.8CVSS8.2AI score0.96327EPSS
Exploits15References8Affected Software1
OSV
OSV
added 2017/12/12 7:29 p.m.6 views

CVE-2017-17562

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc...

8.1CVSS7.8AI score0.96327EPSS
Exploits15References9
NVD
NVD
added 2017/12/12 7:29 p.m.35 views

CVE-2017-17562

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc...

8.1CVSS8.4AI score0.96327EPSS
Exploits15References9
Rows per page
Query Builder