Jon Oberheide

34 exploits Active since May 2005
CVE-2009-1185 EXPLOITDB ruby WORKING POC
udev < 141 - Privilege Escalation via Unverified NETLINK Message
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2009-0360 EXPLOITDB c WORKING POC
pam-krb5 <3.13 - Privilege Escalation
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
CVE-2008-5079 EXPLOITDB c WORKING POC
Linux Kernel <= 2.6.27.8 - Denial of Service via ATM Subsystem SVC Socket Handling
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
EIP-2026-102662 EXPLOITDB c WORKING POC
Linux Kernel < 2.6.30.5 - 'cfg80211' Remote Denial of Service
CVE-2010-1173 EXPLOITDB python WORKING POC
Linux Kernel < 2.6.33.3 - Denial of Service via SCTPChunkInit Packet with Invalid Parameters
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.
CVE-2009-0692 EXPLOITDB c WORKING POC
ISC DHCP <4.1.0p1-2.0 - Buffer Overflow
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
CVE-2007-2232 EXPLOITDB text WORKING POC
Cosign <= 2.0.1 - Authentication Bypass via CR Sequence in Cookie Parameter
The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.
CVE-2007-2233 EXPLOITDB text WORKING POC
Cosign <= 2.0.2 - Authenticated Privilege Escalation via Service Parameter CR Injection
cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.
CVE-2011-1350 EXPLOITDB c WORKING POC
Android < 2.3.6 - Information Exposure via PowerVR SGX Driver Request
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.