Julien Tinnes

15 exploits Active since Dec 2003
CVE-2011-1182 WRITEUP WRITEUP
Linux kernel <2.6.39 - Privilege Escalation
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
CVE-2005-2799 METASPLOIT ruby WORKING POC
Linksys WRT54G <4.20.7 - Buffer Overflow
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
CVE-2009-2692 METASPLOIT HIGH ruby WORKING POC
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
CVSS 7.8
CVE-2009-2267 EXPLOITDB text WRITEUP
VMware ESX <4.0 - Privilege Escalation
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
CVE-2006-6332 EXPLOITDB ruby WORKING POC
MadWifi - Stack-Based Buffer Overflow in IEEE80211 Wireless Component
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
CVE-2006-6332 EXPLOITDB ruby WORKING POC
MadWifi - Stack-Based Buffer Overflow in IEEE80211 Wireless Component
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
CVE-2006-2451 EXPLOITDB c WORKING POC
Linux Kernel 2.6.13-2.6.17.3 & 2.6.16-2.6.16.23 - DoS & Privilege Escalation via suid_dumpable
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
CVE-2003-0961 EXPLOITDB assembly WORKING POC
Linux kernel <2.4.22 - Privilege Escalation
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
CVE-2003-0985 EXPLOITDB c WORKING POC
Linux kernel 2.4.x < 2.4.21 - Denial of Service and Privilege Escalation via mremap Bounds Check Bypass
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
CVE-2003-0985 EXPLOITDB c WORKING POC
Linux kernel 2.4.x < 2.4.21 - Denial of Service and Privilege Escalation via mremap Bounds Check Bypass
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
CVE-2009-2692 EXPLOITDB HIGH text WORKING POC
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
CVSS 7.8
CVE-2009-1894 EXPLOITDB text WORKING POC
PulseAudio <0.9.14 - Privilege Escalation
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
CVE-2004-0424 EXPLOITDB c WORKING POC
Linux kernel <2.6.3 - DoS/Buffer Overflow
Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
CVE-2005-2799 EXPLOITDB ruby WORKING POC
Linksys WRT54G <4.20.7 - Buffer Overflow
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
CVE-2005-2799 EXPLOITDB ruby WORKING POC
Linksys WRT54G <4.20.7 - Buffer Overflow
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.