Bernd Leitner

5 exploits Active since Nov 2018
CVE-2018-18858 EXPLOITDB HIGH c WORKING POC
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command.
CVSS 7.8
CVE-2018-18857 EXPLOITDB HIGH c WORKING POC
LiquidVPN < 1.37 - Unauthenticated OS Command Injection via XPC Service
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command.
CVSS 7.8
CVE-2018-18856 EXPLOITDB HIGH c WORKING POC
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command.
CVSS 7.8
CVE-2018-18859 EXPLOITDB HIGH c WORKING POC
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call.
CVSS 7.8
CVE-2018-18860 EXPLOITDB HIGH text WORKING POC
SwitchVPN 2.1012.03 - Local Privilege Escalation via SUID Binary
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.
CVSS 7.8