m4rkw

15 exploits Active since Apr 2017
CVE-2017-16928 EXPLOITDB HIGH ruby WORKING POC
Arq <5.10 - Privilege Escalation
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
CVSS 7.8
CVE-2017-16945 EXPLOITDB HIGH bash WORKING POC
Arq <5.10 - Privilege Escalation
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
CVSS 7.8
CVE-2017-15357 EXPLOITDB HIGH bash WORKING POC
Arq < 5.9.7 - Race Condition
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
CVSS 7.4
CVE-2017-16895 EXPLOITDB HIGH ruby WORKING POC
Arq <5.10 - Privilege Escalation
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
CVSS 7.8
CVE-2017-15358 EXPLOITDB HIGH text WORKING POC
Charles < 4.2.1 - Race Condition
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
CVSS 7.0
CVE-2017-11741 EXPLOITDB HIGH bash WORKING POC
HashiCorp Vagrant VMware Fusion <4.0.24 - Privilege Escalation
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
CVSS 8.8
CVE-2017-12579 EXPLOITDB HIGH bash WORKING POC
Hashicorp Vagrant Vmware Fusion < 4.0.24 - Uncontrolled Search Path
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
CVSS 7.8
CVE-2017-15884 EXPLOITDB HIGH bash WORKING POC
Hashicorp Vagrant Vmware Fusion - Race Condition
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVSS 7.0
CVE-2017-16001 EXPLOITDB HIGH bash WORKING POC
Hashicorp Vagrant - Race Condition
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVSS 7.8
CVE-2017-16777 EXPLOITDB HIGH bash WORKING POC
HashiCorp Vagrant VMware Fusion <5.0.3 - Privilege Escalation
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
CVSS 7.8
CVE-2017-7642 EXPLOITDB HIGH text WORKING POC
HashiCorp Vagrant VMware Fusion <4.0.21 - Privilege Escalation
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
CVSS 7.8
EIP-2026-103378 EXPLOITDB bash WORKING POC
Murus 1.4.11 - Local Privilege Escalation
CVE-2017-7643 EXPLOITDB HIGH text WORKING POC
Proxifier for Mac <2.19 - Privilege Escalation
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
CVSS 7.8
CVE-2017-7690 EXPLOITDB HIGH bash WORKING POC
Proxifier for Mac <2.19.2 - Privilege Escalation
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
CVSS 7.8
CVE-2017-15918 EXPLOITDB HIGH bash WORKING POC
Ignitum Sera - Insufficiently Protected Credentials
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
CVSS 7.8