29 matches found
CVE-2026-35031 Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
Ollama Model Registry Path Traversal RCE
Ollama before 0.1.34 is vulnerable to a path traversal attack via the model pull mechanism CVE-2024-37032. When pulling a model, the digest field in OCI manifests is not validated, allowing an attacker to inject path traversal sequences to write arbitrary files on the server. This module starts a...
📄 Ollama Model Registry Path Traversal / Remote Code Execution
Ollama versions prior to 0.1.34 are vulnerable to a path traversal attack via the model pull mechanism CVE-2024-37032. When pulling a model, the digest field in OCI manifests is not validated, allowing an attacker to inject path traversal sequences to write arbitrary files on the server. This...
Exploit for OS Command Injection in Docker
!DOIhttps://img.shields.io/badge/DOI-10.5281%2Fzenodo.183047...
📄 GNU Screen 4.5.0 Local Privilege Escalation
GNU Screen version 4.5.0 local privilege escalation exploit that leverages shared library loading. GNU Screen 4.5.0 Local Privilege Escalation Exploit CVE-2017-5618 📌 Overview Local privilege escalation exploit for GNU Screen 4.5.0 that hijacks shared library loading to gain root access via...
Exploit for Incorrect Authorization in Gnu Screen
GNU Screen 4.5.0 Local Privilege Escalation Exploit CVE-201...
Exploit for Incorrect Authorization in Gnu Screen
CVE-2017-5618-SetUid-Screen-4.5.0-Root-Exploit Local privile...
S-nail < 14.8.16 - Local Privilege Escalation Exploit
Exploit for multiple platform in category local exploits !/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c...
AddressSanitizer (ASan) - SUID Executable Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer ASan. ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The logpath option can be set using the...
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AddressSanitizer ASan SUID Executable Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems usi...
AddressSanitizer (ASan) SUID Executable Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AddressSanitizer ASan SUID Executable Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems usi...
S-nail 14.8.16 - Local Privilege Escalation
S-nail 14.8.16 - Local Privilege Escalation !/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c ... . Compiling...
ASAN/SUID - Local Privilege Escalation
!/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. Supply your own targe...
ASANSUID - Local Privilege Escalation
ASANSUID - Local Privilege Escalation !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a...
GNU Screen 4.5.0 Local Root Privilege Escalation
!/bin/bash screenroot.sh setuid screen v4.5.0 local root exploit abuses ld.so.preload overwriting to get root. bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html HACK THE PLANET infodox 25/1/2017 echo " gnu/screenroot " echo "+ First, we create our shell and library..." ca...
GNU Screen 4.5.0 - Local Privilege Escalation
GNU Screen 4.5.0 - Local Privilege Escalation !/bin/bash screenroot.sh setuid screen v4.5.0 local root exploit abuses ld.so.preload overwriting to get root. bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html HACK THE PLANET infodox 25/1/2017 echo " gnu/screenroot " echo "+...
GNU Screen 4.5.0 - Local Privilege Escalation
!/bin/bash screenroot.sh setuid screen v4.5.0 local root exploit abuses ld.so.preload overwriting to get root. bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html HACK THE PLANET infodox 25/1/2017 echo " gnu/screenroot " echo "+ First, we create our shell and library..." ca...
OracleVM 3.3 : pam (OVMSA-2015-0117)
The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-3238 - DoS due to blocking pipe with very long password - make pampwhistory and pamunix tolerant of opasswd file corruption - pamuserdb: allow any crypt hash algorithm to be used 1119289 ...
CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation Exploit
No description provided by source. / cve-2008-5377.c CUPS 1.3.8-4 pstopdf filter exploit Jon Oberheide [email protected] http://jon.oberheide.org Usage: $ gcc cve-2008-5377.c -o cve-2008-5377.c $ ./cve-2008-5377 $ id uid=0root gid=1000vm ... Information:...
MTools 3.9.x MFormat Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9746/info It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the...