Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847-dirty-pipe-exploit An exploit for CVE-2022-0847...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 Original URL https://dirtypipe.cm4all.com/...

CVE-2022-25213

CVE-2022-25213 describes improper physical access control and hard-coded credentials in /etc/passwd that allow an attacker with physical access to obtain a root shell via an unprotected UART port, which also exposes an unauthenticated Das U-Boot BIOS shell. The description applies to devices with...

CVE-2022-25217

CVE-2022-25217 involves hard-coded RSA keys in telnetd_startup on Phicomm/K2 and K3C firmware. A local attacker within the LAN can obtain a root shell by leveraging the leaked private key to trigger telnetd_startup via scripted UDP exchanges, spawning an unauthenticated root telnet shell. Concret...

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

Exploit for Improper Initialization in Linux Linux_Kernel

What is this This is Max Kellermann's proof of concept for Di...

Cyclades Serial Console Server 3.3.0 Privilege Escalation

Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Date: 09 Feb 2022 Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

PoC exploit for CVE-2021-4034, a local privilege escalation vulnerability in Polkit's pkexec. The repository contains Python code that exploits this vulnerability to gain root privileges. The code is based on the original C code by blasty and uses the msfvenom payload generator to create a shared...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

This repository is a proof-of-concept PoC exploit for CVE-2021-4034, a vulnerability in the polkit privilege escalation exploit. The exploit is implemented in C and uses the execve system call to execute a shell with elevated privileges. The vulnerability is related to the way polkit handles user...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034 polkit privilege escalation exploit Just ex...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

pwnKit About: Title: pwnKit Description: Privilege esc...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

pwnKit About: Title: pwnKit Description: Privilege esc...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

ez-pwnkit A pure-Go implementation of the CVE-2021-4034 Pwn...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

ez-pwnkit A pure-Go implementation of the CVE-2021-4034 Pwn...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034 One day for the polkit privilege escalation expl...

CVE-2021-20161

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with...

CVE-2021-20161

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with...

Exploit for Code Injection in Mariadb

CVE-2021-27928 POC Description A remote code execution is...

CVE-2021-43283

An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the...

CVE-2021-34722

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details sectio...