michalbednarski

6 exploits Active since Oct 2017
CVE-2022-20452 NOMISEC HIGH WORKING POC
Android <13 - Local Privilege Escalation
In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318
339 stars
CVSS 7.8
CVE-2023-45777 NOMISEC HIGH WRITEUP
Android - Privilege Escalation
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
99 stars
CVSS 7.8
CVE-2025-22441 GITHUB HIGH java WRITEUP
Java - Privilege Escalation
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
94 stars
CVSS 7.3
CVE-2024-34740 NOMISEC HIGH WORKING POC
Google Android - Integer Overflow
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
51 stars
CVSS 7.8
CVE-2021-39749 NOMISEC HIGH WRITEUP
Google Android - Missing Authorization
In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205996115
31 stars
CVSS 7.8
CVE-2017-0806 NOMISEC HIGH WORKING POC
Android <8.0 - Privilege Escalation
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.
24 stars
CVSS 7.8