131 matches found
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a local privilege escalation vulnerability in Polkit's pkexec. The repository contains Python code that exploits this vulnerability to gain root privileges. The code is based on the original C code by blasty and uses the msfvenom payload generator to create a shared...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of course...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC (Proof of Concept) exploit for CVE-2016-5195, also known as Dirty COW. The exploit relies on ptrace to patch the vDSO (Virtual Dynamic Shared Object) and create a TCP reverse shell to the attacker's machine. The target of the exploit is the Linux kernel, and the vulnerability class is a...
Mozilla Firefox Security Advisory (MFSA2013-87) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Exploit for Unrestricted Upload of File with Dangerous Type in Embedthis Goahead
Goahead webserver pre v5.1.5 RCE PoC CVE-2021-42342 A rec...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is an exploit module/toolkit targeting the CVE-2021-3156 sudo vulnerability, dubbed Baron Samedit by Qualys. The target product/service is the sudo command, and the vulnerability class/vector is a heap-based overflow. The probable entry point is the sudoedit function, which is a part of the...
CVE-2021-28249
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...
CVE-2021-28246
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...
Privilege escalation
UNSUPPORTED WHEN ASSIGNED CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the...
Privilege escalation
UNSUPPORTED WHEN ASSIGNED CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The co...
CVE-2021-28249
CA eHealth Performance Manager up to version 6.3.2.12 is affected by a Privilege Escalation due to a Dynamically Linked Shared Object Library. An attacker must place a malicious library in the writable RPATH, which is loaded when the FtpCollector executable runs, causing the code in the library t...
CVE-2021-28246
CVE-2021-28246 affects CA eHealth Performance Manager up to version 6.3.2.12. The issue is a privilege-escalation defect where a regular user can place a malicious library in the writable RPATH, which is dynamically linked when the emtgtctl2 executable runs, causing the library code to execute wi...
PT-2021-17834 · Ca · Ca Ehealth Performance Manager
Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions 6.3.2.12 and earlier Description: The issue allows for privilege escalation via a dynamically linked shared object library. To exploit this, the ehealth user must create a malicious library in the...
Aruba ClearPass Policy Manager tipsSimulationUpload command execution
Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...
EulerOS 2.0 SP5 : bash (EulerOS-SA-2020-1303)
According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to...