Wojciech Purczynski

11 exploits Active since Feb 2000
CVE-2003-1073 EXPLOITDB text WORKING POC
Solaris 2.6-9 - Local Privilege Escalation
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
CVE-2001-1246 EXPLOITDB php WORKING POC
PHP 4.0.5-4.1.0 - Command Injection via mail() Function 5th Parameter
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2010-3301 EXPLOITDB c WORKING POC
Linux kernel <2.6.36-rc4-git2 - Privilege Escalation
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
CVE-2000-0472 EXPLOITDB c WORKING POC
INN 2.2.2 - Remote Code Execution via Long Message ID in Cancel Request
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
CVE-2003-0127 EXPLOITDB c WORKING POC
Linux kernel <2.2.25-2.4.21 - Privilege Escalation
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
CVE-2001-0317 EXPLOITDB c WORKING POC
Linux kernel <2.5 - Privilege Escalation
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
CVE-2007-4573 EXPLOITDB c WORKING POC
Linux kernel <2.6.22.7 - Privilege Escalation
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
CVE-2003-0961 EXPLOITDB c WORKING POC
Linux kernel <2.4.22 - Privilege Escalation
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
CVE-2001-0317 EXPLOITDB c WORKING POC
Linux kernel <2.5 - Privilege Escalation
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
CVE-2000-0506 EXPLOITDB bash WORKING POC
Linux Kernel - Privilege Escalation via Setuid/Setcap Capabilities Bypass
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."
CVE-2003-0127 EXPLOITDB c WORKING POC
Linux kernel <2.2.25-2.4.21 - Privilege Escalation
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.