sharkmoos - Security Researcher - Exploit Intelligence Platform

CVE-2021-3156 NOMISEC HIGH WORKING POC

Sudo Heap-Based Buffer Overflow

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

CVSS 7.8

View Code

CVE-2021-35064 EXPLOITDB CRITICAL python WORKING POC

KramerAV VIAWare - Privilege Escalation

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.

CVSS 9.8

View Code

CVE-2021-36356 EXPLOITDB CRITICAL python WORKING POC

Kramer VIAware < 2021-08 - Remote Code Execution via ajaxPages/writeBrowseFilePathAjax.php

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.

CVSS 9.8

View Code

CVE-2019-17124 EXPLOITDB CRITICAL python WORKING POC

Kramer VIAware 2.5.0719.1034 - Incorrect Access Control

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

CVSS 9.8

View Code