Steve Grubb

7 exploits Active since May 2003
CVE-2022-1117 WRITEUP HIGH WRITEUP
fapolicyd - RCE
A vulnerability was found in fapolicyd. It stems from an assumption about how glibc names the runtime linker: a build-time regular expression may not correctly detect the runtime linker. As a consequence, the pattern detection for applications launched by the runtime linker may fail to detect the pattern and allow execution.
CVSS 8.4
CVE-2003-0740 EXPLOITDB c WORKING POC
Stunnel <4.00-3.24 - Local Privilege Escalation
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
CVE-2004-0233 EXPLOITDB text WRITEUP
SGI Propack - Path Traversal
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
CVE-2007-0001 EXPLOITDB text WORKING POC
Redhat Enterprise Linux - Denial of Service
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.
CVE-2003-1307 EXPLOITDB c WORKING POC
Apache mod_php - Local Privilege Escalation
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
CVE-2003-0211 EXPLOITDB bash WORKING POC
Xinetd - Denial of Service
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
EIP-2026-102776 EXPLOITDB perl WORKING POC
Apache 2.0.4x mod_perl - File Descriptor Leakage (3)