Marco Ivaldi

83 exploits, active since Dec 1999
CVE-2003-0834 EXPLOITDB c WORKING POC
CDE libDtHelp - Buffer Overflow
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
CVE-1999-1587 EXPLOITDB bash WORKING POC
Solaris <9 - Info Disclosure
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
CVE-2007-5225 EXPLOITDB c WORKING POC
Sunos - Numeric Error
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
EIP-2026-114736 EXPLOITDB text WORKING POC
Solaris xscreensaver 11.4 - Privilege Escalation
CVE-2006-4842 EXPLOITDB bash WORKING POC
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
EIP-2026-114738 EXPLOITDB c WORKING POC
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
CVE-2006-4655 EXPLOITDB c WORKING POC
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
CVE-2018-14665 EXPLOITDB MEDIUM bash WORKING POC
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 6.6
CVE-2001-0797 EXPLOITDB c WORKING POC
SGI Irix - Buffer Overflow
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
CVE-2004-1364 EXPLOITDB WORKING POC
Oracle Application Server - Path Traversal
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
CVE-2020-7247 EXPLOITDB CRITICAL perl WORKING POC
Openbsd Opensmtpd - Improper Exception Handling
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVSS 9.8
CVE-2005-0711 EXPLOITDB c WORKING POC
MySQL <4.0.24 or 4.1.11 - Info Disclosure
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
CVE-2006-5229 EXPLOITDB bash WORKING POC
Openbsd Openssh - Information Disclosure
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
EIP-2026-104029 EXPLOITDB WORKING POC
Oracle 9i/10g - 'read/write/execute' Exploitation Suite
CVE-2025-1731 EXPLOITDB HIGH WORKING POC
Zyxel Uos < 1.32 - Incorrect Permission Assignment
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.
CVSS 7.8
CVE-2006-7141 EXPLOITDB WORKING POC
Oracle Database Server - Path Traversal
Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability.
EIP-2026-103093 EXPLOITDB c WORKING POC
Cyrus IMSPD 1.7 - 'abook_dbname' Remote Code Execution
CVE-2019-10149 EXPLOITDB CRITICAL ruby WORKING POC
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVSS 9.8
EIP-2026-102932 EXPLOITDB python WORKING POC
MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)
EIP-2026-102930 EXPLOITDB c WORKING POC
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2)