Roee Hay

5 exploits Active since Jul 2009
CVE-2016-10277 NOMISEC HIGH WORKING POC
Linux Kernel - Elevation of Privilege via Motorola Bootloader
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
81 stars
CVSS 7.8
CVE-2016-8467 NOMISEC MEDIUM SCANNER
Android < 7.1.0 - Elevation of Privilege via Bootloader Modem Command Execution
An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.
7 stars
CVSS 5.5
CVE-2011-2357 EXPLOITDB java WORKING POC
Android 2.3.4 and 3.1 - Cross-Application Scripting via Browser URL Loading
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.
CVE-2009-1869 EXPLOITDB text WRITEUP
Adobe AIR < 1.5.2 - Integer Overflow in AVM2 abcFile Parser
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
CVE-2016-10277 EXPLOITDB HIGH text WORKING POC
Linux Kernel - Elevation of Privilege via Motorola Bootloader
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
CVSS 7.8