Squirre17

5 exploits Active since Feb 2019
CVE-2022-42703 NOMISEC MEDIUM WORKING POC
Linux Kernel < 5.19.7 - Use After Free
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
4 stars
CVSS 5.5
CVE-2019-17621 NOMISEC CRITICAL WORKING POC
Dlink Dir-859 Firmware < 1.05b03 - OS Command Injection
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
3 stars
CVSS 9.8
CVE-2019-8985 NOMISEC CRITICAL WORKING POC
Netis-systems Wf2411 Firmware - Out-of-Bounds Write
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa.
2 stars
CVSS 9.8
CVE-2022-34598 GITLAB CRITICAL WORKING POC
H3C Magic R100 - Command Injection
The udpserver in H3C Magic R100 V200R004 and V100R005 has port 9034 open, allowing attackers to execute arbitrary commands.
CVSS 9.8
CVE-2021-4034 VULNCHECK_XDB HIGH WORKING POC
Local Privilege Escalation in polkit's pkexec
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that pkexec is induced to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
CVSS 7.8