Stealth

12 exploits, active since Jul 1999
CVE-2015-1815 WRITEUP WORKING POC
setroubleshoot < 3.2.22 - Remote Code Execution via Filename Shell Metacharacters
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
CVE-2009-4147 METASPLOIT ruby WORKING POC
FreeBSD 7.1-8.0 - Privilege Escalation
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setgid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.
CVE-2017-8422 EXPLOITDB HIGH c WORKING POC
KDE kdelibs < 4.14.32 and KAuth < 5.34 - Authentication Bypass via CallerID Spoofing
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
CVSS 7.8
CVE-2009-4146 METASPLOIT ruby WORKING POC
FreeBSD 7.1-8.0 - Privilege Escalation
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setgid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.
CVE-1999-0879 EXPLOITDB c WORKING POC
BSD/OS - Buffer Overflow via Macro Variables in Message File
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
CVE-2002-0048 EXPLOITDB c WORKING POC
rsync - Remote Code Execution via Signedness Error in I/O Functions
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
EIP-2026-103157 EXPLOITDB c WORKING POC
Linux Kernel 2.2 - TCP/IP Spoof IP
CVE-2000-0223 EXPLOITDB c WORKING POC
wmcdplay - Buffer Overflow via Long Parameter
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.
CVE-2017-8849 EXPLOITDB HIGH c WORKING POC
smb4k < 2.0.1 - Privilege Escalation via Mount Helper DBUS Service
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
CVSS 7.8
CVE-2000-0230 EXPLOITDB c WORKING POC
halloween_linux - Buffer Overflow via HOME Environmental Variable
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
EIP-2026-102682 EXPLOITDB c WORKING POC
ml2 - Local Users Can Crash Processes
CVE-1999-1394 EXPLOITDB text WRITEUP
BSD 4.4 - Authenticated Immutable Flag Bypass via Filesystem Editor
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.