Jon Hart

34 exploits, active since Jan 2003
EIP-2026-102967 EXPLOITDB c WORKING POC
RealOne Player for Linux 2.2 Alpha - Insecure Configuration File Permission Privilege Escalation
CVE-2007-1057 EXPLOITDB bash WORKING POC
Nortel Application Switch 2424-1000 - Local Privilege Escalation
The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.
EIP-2026-102968 EXPLOITDB c WORKING POC
RealPlayer 9 *nix - Local Privilege Escalation
EIP-2026-102777 EXPLOITDB c WORKING POC
Apache::Gallery 0.4/0.5/0.6 - Insecure File Storage Privilege Escalation
CVE-2006-3733 EXPLOITDB perl WORKING POC
Cisco Security Monitoring, Analysis and Response System < 4.2.1 - Remote Code Execution via JMX-Console HtmlAdaptor
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
CVE-2006-3734 EXPLOITDB perl WORKING POC
Cisco Security Monitoring, Analysis and Response System <4.2.1 - Co...
Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 allow local CS-MARS administrators to execute arbitrary commands as root.
CVE-2015-3628 EXPLOITDB ruby WORKING POC
F5 BIG-IP and BIG-IQ - Authenticated Privilege Escalation via iCall Script or Handler
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.
CVE-2004-0580 EXPLOITDB c WORKING POC
Linksys BEFSR11 BEFSR41 BEFSR81 BEFSRU31 - Information Disclosure via DHCP BOOTP Reply Buffer
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
CVE-2003-0001 EXPLOITDB perl WORKING POC
FreeBSD - Information Exposure via Ethernet NIC Frame Padding
Multiple Ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.