Matthias Gerstner

3 exploits Active since Apr 2017
CVE-2025-27591 NOMISEC MEDIUM WORKING POC
Below < 0.9.0 - Privilege Escalation via World-Writable Log Directory
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
1 stars
CVSS 6.8
CVE-2024-22365 WRITEUP MEDIUM WRITEUP
linux-pam < 1.6.0 - Denial of Service via mkfifo O_DIRECTORY Bypass
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
CVSS 5.5
CVE-2017-7572 WRITEUP HIGH WRITEUP
Back In Time <1.1.18 - Privilege Escalation
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.
CVSS 8.1