Felix Wilhelm

16 exploits Active since Jan 2011
CVE-2018-1111 NOMISEC HIGH WORKING POC
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
12 stars
CVSS 7.5
CVE-2017-14493 NOMISEC CRITICAL WORKING POC
dnsmasq <2.78 - Buffer Overflow
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
4 stars
CVSS 9.8
CVE-2018-1111 NOMISEC HIGH WORKING POC
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
CVSS 7.5
CVE-2018-12904 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.17.2 - Denial of Service via Nested Virtualization VMEXIT
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
CVSS 4.9
CVE-2018-1111 METASPLOIT HIGH ruby WORKING POC
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
CVSS 7.5
CVE-2010-4335 METASPLOIT ruby WORKING POC
CakePHP 1.2.8-1.3.5 - Remote Code Execution via Unserialize in Security Component
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
CVE-2017-1000083 METASPLOIT HIGH ruby WORKING POC
Evince CBT File Command Injection
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
CVSS 7.8
CVE-2010-4335 EXPLOITDB ruby WORKING POC
CakePHP 1.2.8-1.3.5 - Remote Code Execution via Unserialize in Security Component
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
CVE-2017-14491 EXPLOITDB CRITICAL python WORKING POC
dnsmasq < 2.78 - Remote Code Execution via Crafted DNS Response
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVSS 9.8
CVE-2017-14493 EXPLOITDB CRITICAL python WORKING POC
dnsmasq <2.78 - Buffer Overflow
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
CVSS 9.8
CVE-2017-14495 EXPLOITDB HIGH python WORKING POC
dnsmasq <2.78 - DoS
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
CVSS 7.5
CVE-2017-14496 EXPLOITDB HIGH python WORKING POC
dnsmasq <2.78 - DoS
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
CVSS 7.5
CVE-2017-14494 EXPLOITDB MEDIUM python WORKING POC
dnsmasq <2.78 - Info Disclosure
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
CVSS 5.9
CVE-2017-14492 EXPLOITDB CRITICAL python WORKING POC
dnsmasq <2.78 - Buffer Overflow
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
CVSS 9.8
CVE-2018-1111 EXPLOITDB HIGH ruby WORKING POC
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
CVSS 7.5
CVE-2017-1000083 EXPLOITDB HIGH ruby WORKING POC
Evince CBT File Command Injection
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
CVSS 7.8