Marco Ivaldi

83 exploits. Active since Dec 1999.
CVE-2019-3010 NOMISEC HIGH WORKING POC
Oracle Solaris 11 - RCE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. An easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 8.8
CVE-2019-10149 NOMISEC CRITICAL WORKING POC
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVSS 9.8
CVE-2010-3847 METASPLOIT ruby WORKING POC
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
CVE-2019-3010 VULNCHECK_XDB HIGH WORKING POC
Oracle Solaris 11 - RCE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. An easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 8.8
CVE-2001-0797 VULNCHECK_XDB WORKING POC
SGI Irix - Buffer Overflow
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
CVE-2019-10149 VULNCHECK_XDB CRITICAL WORKING POC
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVSS 9.8
CVE-2018-14665 VULNCHECK_XDB MEDIUM WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via the physical console to escalate their privileges and run arbitrary code with root privileges.
CVSS 6.6
CVE-2020-7247 VULNCHECK_XDB CRITICAL WORKING POC
OpenBSD OpenSMTPD - Improper Exception Handling
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVSS 9.8
CVE-2005-2428 EXPLOITDB shell WORKING POC
Lotus Domino R5-R6 WebMail - Info Disclosure
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
CVE-2003-0190 EXPLOITDB shell WORKING POC
OpenBSD OpenSSH < 3.6.1 - Information Disclosure
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVE-2022-43752 WRITEUP HIGH WORKING POC
Oracle Solaris <10 - Privilege Escalation
Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), contains a privilege escalation vulnerability. A low-privileged user can escalate to root by crafting a malicious printer and double-clicking the crafted printer's icon.
CVSS 7.8
CVE-2023-24039 WRITEUP HIGH WORKING POC
Common Desktop Environment 1.6 - Buffer Overflow
A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.8
CVE-2023-24039 WRITEUP HIGH WRITEUP
Common Desktop Environment 1.6 - Buffer Overflow
A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.8
CVE-2023-24040 WRITEUP HIGH WRITEUP
Common Desktop Environment 1.6 - Info Disclosure
dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.1
CVE-2024-24334 WRITEUP HIGH WRITEUP
RT-Thread < 5.0.2 - Heap Buffer Overflow
A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2.
CVSS 8.4
CVE-2024-24335 WRITEUP HIGH WRITEUP
RT-Thread < 5.0.2 - Heap Buffer Overflow
A heap buffer overflow occurs in the dfs_v2 romfs filesystem in RT-Thread through 5.0.2.
CVSS 8.4
CVE-2024-25388 WRITEUP HIGH WRITEUP
RT-Thread <5.0.2 - Buffer Overflow
drivers/wlan/wlan_mgmt.c in RT-Thread through 5.0.2 has an integer signedness error and a resultant buffer overflow.
CVSS 8.4
CVE-2024-25389 WRITEUP HIGH WRITEUP
RT-Thread <5.0.2 - Info Disclosure
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c.
CVSS 7.5
CVE-2024-25390 WRITEUP HIGH WRITEUP
RT-Thread <5.0.2 - Buffer Overflow
A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2.
CVSS 8.4
CVE-2024-25391 WRITEUP HIGH WRITEUP
RT-Thread <5.0.2 - Buffer Overflow
A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2.
CVSS 8.4
CVE-2024-25392 WRITEUP MEDIUM WRITEUP
RT-Thread <5.0.2 - Buffer Overflow
An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2.
CVSS 5.9
CVE-2024-25393 WRITEUP CRITICAL WRITEUP
RT-Thread <5.0.2 - Buffer Overflow
A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.
CVSS 9.8
CVE-2024-25394 WRITEUP MEDIUM WRITEUP
RT-Thread <5.0.2 - Buffer Overflow
A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character.
CVSS 4.3
CVE-2024-25395 WRITEUP HIGH WRITEUP
RT-Thread <5.0.2 - Buffer Overflow
A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2.
CVSS 8.8
CVE-2010-3847 EXPLOITDB ruby WORKING POC
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.