Marco Ivaldi

83 exploits Active since Dec 1999
CVE-2006-4842 METASPLOIT ruby WORKING POC
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2019-3010 METASPLOIT HIGH ruby WORKING POC
Oracle Solaris 11 - RCE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 8.8
CVE-2010-3856 METASPLOIT ruby WORKING POC
GNU Glibc < 2.11.2 - Access Control
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
CVE-2019-10149 METASPLOIT CRITICAL ruby WORKING POC
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVSS 9.8
EIP-2026-118939 EXPLOITDB text WORKING POC
MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution
CVE-2007-0977 EXPLOITDB bash WORKING POC
IBM Lotus Domino R5-R6 WebMail - Info Disclosure
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
CVE-2007-1738 EXPLOITDB text WORKING POC
TrueCrypt - Denial of Service
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
CVE-2004-0360 EXPLOITDB c WORKING POC
Solaris 8.0-9.0 - Privilege Escalation
Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.
CVE-2020-2944 EXPLOITDB HIGH c WORKING POC
Oracle Solaris <11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 8.8
CVE-2006-4842 EXPLOITDB ruby WORKING POC
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
EIP-2026-114721 EXPLOITDB c WORKING POC
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
EIP-2026-114722 EXPLOITDB c WORKING POC
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
EIP-2026-114723 EXPLOITDB c WORKING POC
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
EIP-2026-114724 EXPLOITDB c WORKING POC
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
EIP-2026-114725 EXPLOITDB c WORKING POC
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
EIP-2026-114728 EXPLOITDB c WORKING POC
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (1)
CVE-2006-4842 EXPLOITDB bash WORKING POC
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2006-4842 EXPLOITDB bash WORKING POC
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2006-4842 EXPLOITDB bash WORKING POC
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
EIP-2026-114729 EXPLOITDB c WORKING POC
Solaris 10 libXm - Buffer overflow Local privilege escalation
CVE-2006-3824 EXPLOITDB c WORKING POC
Sun Solaris - Info Disclosure
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.
CVE-2019-3010 EXPLOITDB HIGH text WORKING POC
Oracle Solaris 11 - RCE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 8.8
CVE-2003-0609 EXPLOITDB c WORKING POC
Solaris <9 - Buffer Overflow
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
EIP-2026-114734 EXPLOITDB c WORKING POC
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
EIP-2026-114735 EXPLOITDB c WORKING POC
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)