Michal Zalewski

41 exploits Active since Dec 1997
CVE-2000-0703 EXPLOITDB perl WORKING POC
suidperl - Privilege Escalation
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environment variable and calling suidperl with a filename that contains the escape sequence.
CVE-2000-0378 EXPLOITDB c WORKING POC
Linux pam_console - Info Disclosure
The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.
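The entry above rests on a Unix rule worth seeing in code: permission is checked at open() time only, so a descriptor obtained while the device was chowned to you keeps working after the device is chowned away. The following is an added example, not pam_console's code or the original exploit: it stands in a temporary file for the console device, revokes access with chmod(0) instead of chown, and shows that the old descriptor still reads. It also implements the check an admin would run after a logout, walking /proc/<pid>/fd (Linux-specific) for descriptors that still point at the device path. Names and the /tmp path are this example's own assumptions.

```c
/* Added example: stale descriptors survive chown/chmod, and how to find them.
 * Not the pam_console code. Linux-only because of /proc/<pid>/fd. */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Count processes holding an open descriptor on `path` (must be the
 * resolved, absolute path) by reading the /proc/<pid>/fd/* symlinks.
 * Processes of other users are skipped silently unless we are root.
 * Returns -1 if /proc is not available. */
int count_open_holders(const char *path) {
    DIR *proc = opendir("/proc");
    if (!proc) return -1;
    int holders = 0;
    struct dirent *de;
    while ((de = readdir(proc)) != NULL) {
        if (de->d_name[0] < '0' || de->d_name[0] > '9') continue;  /* not a pid */
        char fddir[64];
        snprintf(fddir, sizeof fddir, "/proc/%s/fd", de->d_name);
        DIR *fds = opendir(fddir);
        if (!fds) continue;
        struct dirent *fe;
        int found = 0;
        while (!found && (fe = readdir(fds)) != NULL) {
            char link[128], target[PATH_MAX + 1];
            snprintf(link, sizeof link, "%s/%s", fddir, fe->d_name);
            ssize_t n = readlink(link, target, PATH_MAX);
            if (n < 0) continue;          /* "." and ".." are not symlinks */
            target[n] = '\0';
            if (strcmp(target, path) == 0) found = 1;
        }
        closedir(fds);
        holders += found;
    }
    closedir(proc);
    return holders;
}

/* Open a "device" (temp file), drop all permissions on it as a logout
 * handler would, then read through the descriptor opened earlier.
 * Returns 1 if the stale descriptor still delivers the data, 0 if not,
 * -1 on setup failure. */
int stale_fd_still_reads(void) {
    char tmpl[] = "/tmp/console-demo-XXXXXX";           /* constructed stand-in */
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    const char secret[] = "keystrokes-of-next-user\n";   /* constructed sample */
    if (write(fd, secret, sizeof secret - 1) != (ssize_t)(sizeof secret - 1)) {
        close(fd); unlink(tmpl); return -1;
    }
    lseek(fd, 0, SEEK_SET);
    chmod(tmpl, 0);                      /* "logout": revoke access on the node */
    char buf[64];
    ssize_t n = read(fd, buf, sizeof buf - 1);            /* still succeeds */
    int still_reads = (n == (ssize_t)(sizeof secret - 1) && memcmp(buf, secret, n) == 0);
    int fresh = open(tmpl, O_RDONLY);    /* a NEW open is denied (unless root) */
    if (fresh >= 0) close(fresh);
    close(fd);
    unlink(tmpl);
    return still_reads;
}

/* Create a file, keep it open, and confirm the /proc scan sees at least
 * this process as a holder. Returns the holder count (>= 1 when /proc works). */
int holder_check(void) {
    char tmpl[] = "/tmp/console-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    char resolved[PATH_MAX];
    if (!realpath(tmpl, resolved)) { close(fd); unlink(tmpl); return -1; }
    int n = count_open_holders(resolved);
    close(fd);
    unlink(tmpl);
    return n;
}

int main(void) {
    printf("stale descriptor still reads: %d\n", stale_fd_still_reads());
    printf("holders of a file we keep open: %d\n", holder_check());
    return 0;
}
```

The practical takeaway: chown/chmod on logout is not revocation. Linux has no revoke(2), so a session manager that hands out device nodes must either check for lingering holders (as count_open_holders does) or hand out a fresh node per session.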
EIP-2026-102975 EXPLOITDB c WORKING POC
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (1)
CVE-2000-0698 EXPLOITDB text WRITEUP
Minicom <=1.82.1 - Local Privilege Escalation
Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.
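The symlink attack in the entry above works whenever a privileged program creates a file at a predictable path with O_CREAT alone: the attacker plants a symlink there first and the privileged open follows it, truncating or creating the target with the privileged ownership. The block below is an added example, not Minicom's code or the original exploit. It stages the attack inside a private mkdtemp() directory, runs the unsafe creation against it, then runs the safe form (O_CREAT|O_EXCL|O_NOFOLLOW) and shows the refusal. File names and the /tmp location are assumptions of the example.

```c
/* Added example: symlink attack on predictable file creation, beside the
 * safe pattern. Not Minicom's code. Everything happens in a fresh 0700 dir
 * so the kernel's protected_symlinks policy (sticky, world-writable dirs
 * only) does not interfere with the demonstration. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: if `path` is already a symlink, open() follows it and truncates
 * whatever it points at, with this process's privileges. */
int create_unsafe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Safe: O_EXCL refuses if anything (a symlink included) already exists at
 * `path`; O_NOFOLLOW additionally refuses to traverse a symlink as the last
 * component. Returns -1 with errno EEXIST or ELOOP on a planted link. */
int create_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Plant the link, try both creators, report:
 *   bit 0 set: the unsafe create truncated the victim (attack worked)
 *   bit 1 set: the safe create refused (EEXIST or ELOOP)
 * Returns -1 on setup failure. */
int run_symlink_demo(void) {
    char dir[] = "/tmp/symlink-demo-XXXXXX";            /* constructed sandbox */
    if (!mkdtemp(dir)) return -1;
    char victim[128], planted[128];
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(planted, sizeof planted, "%s/minicom.log", dir);  /* "predictable" path */

    FILE *f = fopen(victim, "w");                       /* data the attacker targets */
    if (!f) return -1;
    fputs("important\n", f);
    fclose(f);
    if (symlink(victim, planted) < 0) return -1;        /* attacker plants the link */

    int result = 0;
    if (create_unsafe(planted) == 0) {
        struct stat st;
        if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;  /* truncated */
    }
    if (create_safe(planted) < 0 && (errno == EEXIST || errno == ELOOP)) result |= 2;

    unlink(planted);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void) {
    int r = run_symlink_demo();
    printf("unsafe create followed the link: %s\n", (r & 1) ? "yes" : "no");
    printf("safe create refused the link:    %s\n", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

O_EXCL alone already stops the classic variant, since it fails when a symlink is present even if the link is dangling. O_NOFOLLOW is the belt-and-braces addition for opens that must not create, and for log files the real fix is to not write into attacker-writable directories at all, or to open them after dropping the uucp privileges.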
CVE-2000-1095 EXPLOITDB bash WORKING POC
modutils 2.3.x - Command Injection
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
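Shell metacharacters reach a command only if something builds a shell command line out of a caller-controlled string. The block below is an added illustration of that pattern and its fix, not the modutils code: a helper that passes a "module name" to an external tool, once through system() and once through fork()/execvp() with the name as one argv element, plus an allowlist check on the name. The external tool is plain echo and the hostile name is constructed inline; the marker file under /tmp is the example's own device for observing whether the injected command ran.

```c
/* Added example: command injection through shell metacharacters and the
 * two fixes (no shell; validate the name). Not the modutils code. */
#define _GNU_SOURCE
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable: the name is spliced into a shell command line, so
 * "snd_hda; anything" runs "anything" with this process's privileges. */
int load_module_unsafe(const char *name) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "echo loading %s >/dev/null", name);
    return system(cmd);
}

/* Fix 1: never involve a shell. The name travels as a single argv element,
 * so ';', '|', '`', '$(...)' and friends are just characters to echo. */
int load_module_safe(const char *name) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int devnull = open("/dev/null", O_WRONLY);
        if (devnull >= 0) { dup2(devnull, STDOUT_FILENO); close(devnull); }
        char *const argv[] = {"echo", "loading", (char *)name, NULL};
        execvp("echo", argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Fix 2: validate before use. Module names need only [A-Za-z0-9_-]. */
int module_name_ok(const char *name) {
    if (!*name || strlen(name) > 64) return 0;
    for (const char *p = name; *p; p++)
        if (!isalnum((unsigned char)*p) && *p != '_' && *p != '-') return 0;
    return 1;
}

/* Feed both loaders a name that carries an injected command which creates
 * a marker file (shell builtins only). Returns:
 *   bit 0 set: the unsafe loader executed the injection
 *   bit 1 set: the safe loader did not
 * -1 on setup failure. */
int run_injection_demo(void) {
    char dir[] = "/tmp/modinject-XXXXXX";               /* constructed sandbox */
    if (!mkdtemp(dir)) return -1;
    char marker[160], name[256];
    snprintf(marker, sizeof marker, "%s/pwned", dir);
    snprintf(name, sizeof name, "snd_hda; : > %s", marker);   /* hostile "module name" */

    int result = 0;
    load_module_unsafe(name);
    if (access(marker, F_OK) == 0) { result |= 1; unlink(marker); }
    load_module_safe(name);
    if (access(marker, F_OK) != 0) result |= 2;
    unlink(marker);
    rmdir(dir);
    return result;
}

int main(void) {
    int r = run_injection_demo();
    printf("system() ran the injected command: %s\n", (r & 1) ? "yes" : "no");
    printf("execvp() ran the injected command: %s\n", (r & 2) ? "no" : "yes");
    printf("allowlist accepts 'snd_hda': %d, 'x; id': %d\n",
           module_name_ok("snd_hda"), module_name_ok("x; id"));
    return r == 3 ? 0 : 1;
}
```

Both fixes belong together: argv passing removes the shell, and the allowlist stops a name from turning into a path or an option for the tool that eventually receives it.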
CVE-1999-0720 EXPLOITDB c WORKING POC
Linux pt_chown - Privilege Escalation
The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.
CVE-2014-6277 EXPLOITDB text WRITEUP
GNU Bash <=4.3 bash43-026 - RCE
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
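The entry describes the mechanism in one clause: bash imports function definitions from environment variable values, and anything that sets the environment across a privilege boundary (sshd's ForceCommand, CGI, a DHCP client script) can therefore feed it a crafted one. The following is an added local check, not Bash's code and not an exploit: it spawns /bin/bash with one crafted variable in an otherwise empty environment and inspects what happens. Probe 1 is the widely used CVE-2014-6271 test (a trailing command after the function body runs at import time); probe 2 is the crafted definition that crashes the parser of a bash still affected by CVE-2014-6277. The function returns 1 if either probe succeeds, 0 if bash is patched, and -1 if /bin/bash cannot be run; the path /bin/bash is an assumption.

```c
/* Added example: local check for the env-function import bug family.
 * Spawns bash with a single crafted environment variable; nothing else
 * runs but `echo` and `:`. Not Bash's code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum { SS_ERROR = -1, SS_PATCHED = 0, SS_VULNERABLE = 1 };

/* Run `bash -c script` with `envvar` as the ONLY environment variable and
 * capture the start of its stdout/stderr. Returns the exit status, or
 * -signal if bash died on a signal, or -1 if fork/pipe failed. */
static int run_bash(const char *envvar, const char *script, char *out, size_t outlen) {
    int pipefd[2];
    if (pipe(pipefd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(pipefd[0]); close(pipefd[1]); return -1; }
    if (pid == 0) {
        close(pipefd[0]);
        dup2(pipefd[1], STDOUT_FILENO);
        dup2(pipefd[1], STDERR_FILENO);
        close(pipefd[1]);
        char *const argv[] = {"bash", "-c", (char *)script, NULL};
        char *const envp[] = {(char *)envvar, NULL};       /* minimal environment */
        execve("/bin/bash", argv, envp);                   /* assumed path */
        _exit(127);
    }
    close(pipefd[1]);
    ssize_t n = read(pipefd[0], out, outlen - 1);
    out[n > 0 ? n : 0] = '\0';
    close(pipefd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return -WTERMSIG(status);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int check_shellshock(void) {
    char out[256];

    /* Probe 1 (CVE-2014-6271 style): an unpatched bash runs the trailing
     * "echo VULNERABLE" while importing x as a function, before `echo probe`. */
    int rc = run_bash("x=() { :;}; echo VULNERABLE", "echo probe", out, sizeof out);
    if (rc == 127 && strstr(out, "probe") == NULL) return SS_ERROR;  /* no /bin/bash */
    if (rc < 0 || strstr(out, "VULNERABLE")) return SS_VULNERABLE;

    /* Probe 2 (CVE-2014-6277): a crafted definition that crashes the parser
     * of a bash with the incomplete fix; a patched bash ignores the variable
     * entirely (it only imports BASH_FUNC_* names) and exits 0. */
    rc = run_bash("foo=() { x() { _; }; x() { _; } <<a; }", ":", out, sizeof out);
    if (rc < 0) return SS_VULNERABLE;                     /* died on a signal */
    return SS_PATCHED;
}

int main(void) {
    switch (check_shellshock()) {
    case SS_VULNERABLE: puts("bash imports env functions: VULNERABLE"); return 2;
    case SS_PATCHED:    puts("bash ignores crafted env functions: patched"); return 0;
    default:            puts("could not run /bin/bash"); return 1;
    }
}
```

The empty envp matters: with PATH unset the probe script can only use builtins, which is also what keeps the check from doing anything beyond printing a marker. The same two-probe logic ported into a CGI or sshd harness is how the fix status was verified across the privilege boundary the entry mentions.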
CVE-2000-0286 EXPLOITDB c WORKING POC
Red Hat Linux xfs - Denial of Service
X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
CVE-2008-1762 EXPLOITDB html WORKING POC
Opera <9.27 - RCE
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
CVE-2006-4261 EXPLOITDB html WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4253. Reason: This candidate is a duplicate of CVE-2006-4253. Notes: All CVE users should reference CVE-2006-4253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2006-4253 EXPLOITDB text WRITEUP
K-Meleon 1.0.1 / Mozilla Firefox <=1.5.0.6 - Memory Corruption (DoS, possible RCE)
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
CVE-2005-0815 EXPLOITDB bash WORKING POC
Linux Kernel <=2.6.11 ISO9660 - Denial of Service
Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
CVE-2002-1380 EXPLOITDB c WORKING POC
Linux kernel 2.2.x - DoS
Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.
CVE-1999-1018 EXPLOITDB c WORKING POC
Linux kernel <=2.2.10 IPChains - Firewall Rule Bypass
IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.
EIP-2026-102645 EXPLOITDB c WORKING POC
Linux Kernel 2.0 Sendmail - Denial of Service
CVE-1999-1109 EXPLOITDB bash WORKING POC
Sendmail <8.10.0 - DoS
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.