blasty

37 exploits Active since Dec 2003
CVE-2021-4034 VULNCHECK_XDB HIGH WORKING POC
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVSS 7.8
CVE-2021-4034 VULNCHECK_XDB HIGH WORKING POC
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVSS 7.8
CVE-2012-6096 METASPLOIT ruby WORKING POC
Nagios Core < 3.4.4 / Icinga 1.6.x < 1.6.2, 1.7.x < 1.7.4, 1.8.x < 1.8.4 - Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
CVE-2021-3156 METASPLOIT HIGH ruby WORKING POC
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS 7.8
CVE-2023-4911 METASPLOIT HIGH ruby WORKING POC
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS 7.8
CVE-2012-1182 METASPLOIT ruby WORKING POC
Samba < 3.4.16, 3.5.x < 3.5.14, 3.6.x < 3.6.4 - Remote Code Execution via RPC Array Length Validation Bypass
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
CVE-2003-1336 EXPLOITDB c WORKING POC
mIRC < 6.11 - Remote Code Execution via Long irc:// URL
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
CVE-2012-6096 EXPLOITDB python WORKING POC
Nagios Core < 3.4.4 / Icinga 1.6.x < 1.6.2, 1.7.x < 1.7.4, 1.8.x < 1.8.4 - Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
CVE-2015-3036 EXPLOITDB python WORKING POC
KCodes NetUSB - Stack-Based Buffer Overflow via Long Computer Name
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.
CVE-2012-1182 EXPLOITDB ruby WORKING POC
Samba < 3.4.16, 3.5.x < 3.5.14, 3.6.x < 3.6.4 - Remote Code Execution via RPC Array Length Validation Bypass
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
CVE-2012-6096 EXPLOITDB ruby WORKING POC
Nagios Core < 3.4.4 / Icinga 1.6.x < 1.6.2, 1.7.x < 1.7.4, 1.8.x < 1.8.4 - Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
CVE-2022-0847 EXPLOITDB HIGH c WORKING POC
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVSS 7.8