Lucene search
+L

156 matches found

GithubExploit
GithubExploit
added 2022/01/29 7:59 p.m.267 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

PwnKit Vulnerability - Local Privilege Escalation - Title:...

7.8CVSS7.6AI score0.94921EPSS
Exploits152
CheckPoint Security
CheckPoint Security
added 2022/01/29 12:0 a.m.48 views

Check Point Response to CVE-2021-4034 - local privilege escalation in polkit's pkexec

Symptoms - A Local Privilege Escalation from any user to root was discovered in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. The vulnerability allows unprivileged users to run commands as privileged users according to predefined policies. Fo...

7.8CVSS7AI score0.94921EPSS
Exploits152
FreeBSD
FreeBSD
added 2022/01/25 12:0 a.m.59 views

polkit -- Local Privilege Escalation

Qualys reports: We discovered a Local Privilege Escalation from any user to root in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution...

7.8CVSS3.5AI score0.94921EPSS
Exploits152References1
Tenable Nessus
Tenable Nessus
added 2018/09/28 12:0 a.m.48 views

SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2907-1)

The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14634: Prevent integer overflow in createelftables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full roo...

7.8CVSS7.1AI score0.14806EPSS
Exploits6References36
ThreatPost
ThreatPost
added 2018/09/27 4:0 p.m.120 views

Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access

A local-privilege escalation vulnerability in the Linux kernel affects all current versions of Red Hat Enterprise Linux and CentOS, even in their default/minimal installations. It would allow an attacker to obtain full administrator privileges over the targeted system, and from there potentially...

7.2CVSS1.9AI score0.14806EPSS
Exploits6References4
0day.today
0day.today
added 2018/06/13 12:0 a.m.228 views

glibc - realpath() Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain roo...

4.3CVSS6.3AI score0.13368EPSS
Exploits17
Metasploit
Metasploit
added 2018/05/26 9:25 p.m.199 views

glibc 'realpath()' Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library glibc version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath and create a SUID root shell. The exploit has offsets for glibc...

7.8CVSS8.6AI score0.13368EPSS
Exploits9
0day.today
0day.today
added 2017/12/06 12:0 a.m.62 views

Hashicorp vagrant-vmware-fusion 5.0.3 - Local root Privilege Escalation Exploit

Exploit for macOS platform in category local exploits Another day, another root privesc bug in this plugin. Not quite so serious this time - this one is only exploitable if the user has the plugin installed but VMware Fusion not installed. This is a fairly unlikely scenario but it's a straight to...

7.2CVSS7.4AI score0.00984EPSS
Exploits3
exploitpack
exploitpack
added 2017/12/06 12:0 a.m.23 views

Arq 5.9.7 - Local Privilege Escalation

Arq 5.9.7 - Local Privilege Escalation =begin As well as the other bugs affecting Arq " backupset = "0" 40 hmac = "0" 40 payload = sprintf "%s%s%s%s$%s%s\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00" + "...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2017/12/06 12:0 a.m.90 views

Arq 5.9.7 - Local Privilege Escalation

=begin As well as the other bugs affecting Arq " backupset = "0" 40 hmac = "0" 40 payload = sprintf "%s%s%s%s$%s%s\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00" +...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/12/06 12:0 a.m.116 views

Proxifier for Mac 2.19 - Local Privilege Escalation

With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...

7.8CVSS7.7AI score0.00965EPSS
Exploits8
Exploit DB
Exploit DB
added 2017/12/06 12:0 a.m.77 views

Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation

Another day, another root privesc bug in this plugin. Not quite so serious this time - this one is only exploitable if the user has the plugin installed but VMware Fusion not installed. This is a fairly unlikely scenario but it's a straight to root privesc with no user interaction so isn't the ki...

7.4AI score
Exploits0
0day.today
0day.today
added 2017/07/18 12:0 a.m.58 views

Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation Exploit

Exploit for macOS platform in category local exploits I'm a big fan of Hashicorp but this is an awful bug to have in software of their calibre. Their vagrant plugin for vmware fusion uses a product called Ruby Encoder to protect their proprietary ruby code. It does this by turning the ruby code...

7.2CVSS7.4AI score0.01229EPSS
Exploits3
exploitpack
exploitpack
added 2017/07/18 12:0 a.m.30 views

Hashicorp vagrant-vmware-fusion 4.0.20 - Local Privilege Escalation

Hashicorp vagrant-vmware-fusion 4.0.20 - Local Privilege Escalation I'm a big fan of Hashicorp but this is an awful bug to have in software of their calibre. Their vagrant plugin for vmware fusion uses a product called Ruby Encoder to protect their proprietary ruby code. It does this by turning t...

0.8AI score
Exploits0
0day.today
0day.today
added 2017/04/11 12:0 a.m.67 views

Proxifier for Mac 2.17 / 2.18 - Privelege Escalation Exploit

Exploit for macOS platform in category local exploits Source: https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html Proxifier 2.18 also 2.17 and possibly some earlier version ships with a KLoader binary which it installs suid root the first time Proxifier is run. Th...

7.2CVSS7.4AI score0.00965EPSS
Exploits8
exploitpack
exploitpack
added 2016/10/31 12:0 a.m.15 views

Apple OS XiOS Kernel - IOSurface Use-After-Free

Apple OS XiOS Kernel - IOSurface Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=831 IOSurfaceRootUserClient stores a task struct pointer passed in via IOServiceOpen in the field at +0xf0 without taking a reference. By killing the corrisponding task we can free th...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/03/23 12:0 a.m.85 views

Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution

Exploit for multiple platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the old task...

9.3CVSS0.12671EPSS
Exploits9
0day.today
0day.today
added 2015/09/11 12:0 a.m.49 views

OS X Install.framework suid root Runner Binary Privilege Escalation Vulnerability

Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same...

9.3CVSS8.9AI score0.07421EPSS
Exploits1
exploitpack
exploitpack
added 2015/09/10 12:0 a.m.17 views

Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation

Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by...

0.8AI score
Exploits0
exploitpack
exploitpack
added 2015/09/10 12:0 a.m.25 views

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group Source: https://code.google.com/p/google-security-research/issues/detail?id=477 Install.framework has a suid root binary here: /System/Library/PrivateFrameworks/Install.framework/Resources/runner This binary vends t...

Exploits0
Rows per page
Query Builder