h00die

191 exploits Active since Jul 1997
CVE-2015-1328 EXPLOITDB HIGH ruby WORKING POC
Linux kernel <3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
CVSS 7.8
CVE-2017-1000112 EXPLOITDB HIGH ruby WORKING POC
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
CVSS 7.0
CVE-2017-16995 EXPLOITDB HIGH ruby WORKING POC
Linux BPF Sign Extension Local Privilege Escalation
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
CVSS 7.8
CVE-2018-6329 EXPLOITDB CRITICAL ruby WORKING POC
Unitrends Backup < 10.1.10 - SQL Injection
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
CVSS 9.8
CVE-2016-4557 EXPLOITDB HIGH ruby WORKING POC
Linux BPF doubleput UAF Privilege Escalation
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.
CVSS 7.8
CVE-2014-0038 EXPLOITDB ruby WORKING POC
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
EIP-2026-102634 EXPLOITDB perl WORKING POC
LinkLogger 2.4.10.15 - 'syslog' Denial of Service
CVE-2017-15889 EXPLOITDB HIGH ruby WORKING POC
Synology Diskstation Manager < 5.2-5967-5 - Command Injection
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVSS 8.8
CVE-2014-6271 EXPLOITDB CRITICAL ruby WORKING POC
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
EIP-2026-100718 EXPLOITDB ruby WORKING POC
IPFire - 'proxy.cgi' Remote Code Execution (Metasploit)
EIP-2026-100978 EXPLOITDB bash WORKING POC
Addonics NAS Adapter - 'bts.cgi' (Authenticated) Remote Denial of Service
EIP-2026-100719 EXPLOITDB ruby WORKING POC
IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)
CVE-2009-4753 EXPLOITDB python WORKING POC
Addonics NASU2FW41 - Buffer Overflow
Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command.
EIP-2026-100979 EXPLOITDB bash WORKING POC
Addonics NAS Adapter - (Authenticated) Denial of Service
CVE-2017-13156 EXPLOITDB HIGH ruby WORKING POC
Android Janus APK Signature bypass
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVSS 7.8
EIP-2026-100051 EXPLOITDB ruby WORKING POC
Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit)