Mark Wadham

17 exploits Active since Apr 2017
CVE-2017-7642 WRITEUP HIGH WRITEUP
HashiCorp Vagrant VMware Fusion <4.0.21 - Privilege Escalation
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
CVSS 7.8
CVE-2017-16928 EXPLOITDB HIGH ruby WORKING POC
Arq < 5.10 - Local Privilege Escalation via Crafted Update URL
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
CVSS 7.8
CVE-2017-16945 EXPLOITDB HIGH bash WORKING POC
Arq < 5.10 - Local Privilege Escalation via Crafted Restore Path
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
CVSS 7.8
CVE-2017-15357 EXPLOITDB HIGH bash WORKING POC
Arq < 5.9.7 - Local Privilege Escalation via Symlink Attack on Updater Binary
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
CVSS 7.4
CVE-2017-16895 EXPLOITDB HIGH ruby WORKING POC
Arq 5.0.0.65-5.9.9 - Local Privilege Escalation via Helper App Data Packet
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
CVSS 7.8
CVE-2017-15358 EXPLOITDB HIGH text WORKING POC
Charles Proxy < 4.2.1 - Local Privilege Escalation via Race Condition in Settings Binary
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
CVSS 7.0
CVE-2017-11741 EXPLOITDB HIGH bash WORKING POC
HashiCorp Vagrant VMware Fusion <4.0.24 - Privilege Escalation
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
CVSS 8.8
CVE-2017-12579 EXPLOITDB HIGH bash WORKING POC
HashiCorp Vagrant VMware Fusion < 4.0.24 - Unauthenticated Privilege Escalation via SUID Wrapper Binary
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
CVSS 7.8
EIP-2026-103369 EXPLOITDB WRITEUP
Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation
CVE-2017-16001 EXPLOITDB HIGH bash WORKING POC
HashiCorp Vagrant VMware Fusion Plugin 5.0.1 - Local Privilege Escalation via Update Process Race Condition
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVSS 7.8
CVE-2017-16777 EXPLOITDB HIGH bash WORKING POC
HashiCorp Vagrant VMware Fusion <5.0.3 - Privilege Escalation
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
CVSS 7.8
CVE-2017-7642 EXPLOITDB HIGH text WORKING POC
HashiCorp Vagrant VMware Fusion <4.0.21 - Privilege Escalation
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
CVSS 7.8
EIP-2026-103378 EXPLOITDB bash WORKING POC
Murus 1.4.11 - Local Privilege Escalation
CVE-2017-7643 EXPLOITDB HIGH text WORKING POC
Proxifier for Mac <2.19 - Privilege Escalation
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
CVSS 7.8
CVE-2017-7690 EXPLOITDB HIGH bash WORKING POC
Proxifier for Mac <2.19.2 - Privilege Escalation
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
CVSS 7.8
CVE-2017-15918 EXPLOITDB HIGH bash WORKING POC
Sera 1.2 - Insufficiently Protected Credentials via Plain Text Password Storage
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
CVSS 7.8
CVE-2017-15884 EXPLOITDB HIGH bash WORKING POC
HashiCorp Vagrant VMware Fusion 5.0.0 - Local Privilege Escalation via Plugin Update Race Condition
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVSS 7.0