Przemyslaw Frasunek

16 exploits Active since Aug 1999
CVE-2005-2072 EXPLOITDB c WORKING POC
Solaris 8-10 - Privilege Escalation via LD_AUDIT Environment Variable
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
CVE-2005-2071 EXPLOITDB perl WORKING POC
Solaris 10 - Local Privilege Escalation via Traceroute Argument Handling
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
CVE-2002-0542 EXPLOITDB c WORKING POC
OpenBSD <3.1 - Privilege Escalation
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
CVE-2001-0442 EXPLOITDB text WORKING POC
Mercury MTA POP3 Server for NetWare 1.48 - Buffer Overflow via APOP Command
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
CVE-2010-3301 EXPLOITDB c WORKING POC
Linux kernel <2.6.36-rc4-git2 - Privilege Escalation
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
CVE-2007-4573 EXPLOITDB c WORKING POC
Linux kernel <2.6.22.7 - Privilege Escalation
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
CVE-1999-0774 EXPLOITDB c WORKING POC
mars_nwe - Buffer Overflow via Long Directory Names
Buffer overflows in the Mars NetWare Emulation (NWE, mars_nwe) package, triggered via long directory names.
CVE-2009-2692 EXPLOITDB HIGH text WORKING POC
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
CVSS 7.8
CVE-2003-1029 EXPLOITDB text WORKING POC
tcpdump <= 3.8.1 - Denial of Service via L2TP Protocol Parser
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
CVE-2001-1194 EXPLOITDB text WORKING POC
Zyxel Prestige 681 and 1600 - Denial of Service via Malformed IP Packets
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.
CVE-2001-1029 EXPLOITDB text WRITEUP
OpenSSH <FreeBSD 4.4 - Privilege Escalation
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
EIP-2026-100959 EXPLOITDB c WORKING POC
FreeBSD 7.2 - VFS/devfs Race Condition
CVE-2009-3527 EXPLOITDB c WORKING POC
FreeBSD 6.3-6.4 - Race Condition in Pipe Close Function
Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption.
EIP-2026-100957 EXPLOITDB c WORKING POC
FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation