Z3R0-0x30

5 exploits Active since Oct 2014
CVE-2021-4034 NOMISEC HIGH WORKING POC
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVSS 7.8
CVE-2021-40964 NOMISEC MEDIUM WORKING POC
TinyFileManager <=2.4.6 - Path Traversal
A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.
CVSS 6.5
CVE-2019-20085 NOMISEC HIGH WORKING POC
TVT Nvms-1000 Firmware - Path Traversal
TVT NVMS-1000 devices allow GET /.. Directory Traversal
CVSS 7.5
CVE-2014-6287 NOMISEC CRITICAL WORKING POC
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVSS 9.8
CVE-2015-3306 NOMISEC WORKING POC
ProFTPD 1.3.5 - RCE
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.