spender

12 exploits Active since Jul 2009
CVE-2013-2094 NOMISEC HIGH WORKING POC
Linux Kernel < 3.0.75 - Local Privilege Escalation via perf_event_open System Call
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
4 stars
CVSS 8.4
CVE-2009-2692 METASPLOIT HIGH ruby WORKING POC
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
CVSS 7.8
EIP-2026-103353 EXPLOITDB c WORKING POC
Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak
CVE-2010-3301 EXPLOITDB c WORKING POC
Linux kernel <2.6.36-rc4-git2 - Privilege Escalation
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
CVE-2009-1897 EXPLOITDB text WORKING POC
Linux kernel 2.6.30-2.6.30.1 - Privilege Escalation
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
CVE-2009-2692 EXPLOITDB HIGH text WRITEUP
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
CVSS 7.8
EIP-2026-102828 EXPLOITDB text WRITEUP
Enlightenment - Linux Null PTR Dereference Framework
CVE-2009-2698 EXPLOITDB HIGH text WORKING POC
Linux Kernel <2.6.19 - Privilege Escalation
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
CVSS 7.8
CVE-2013-0268 EXPLOITDB c WORKING POC
Linux Kernel < 3.7.6 - Local Privilege Escalation via MSR Device Access
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
CVE-2009-2692 EXPLOITDB HIGH ruby WORKING POC
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
CVSS 7.8
CVE-2009-3547 EXPLOITDB HIGH c WORKING POC
Linux Kernel < 2.6.32-rc6 - Race Condition in Pipe Handling via /proc/*/fd/ Pathname
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
CVSS 7.0
CVE-2010-0415 EXPLOITDB c WORKING POC
Linux Kernel < 2.6.33 - Arbitrary Kernel Memory Read and Denial of Service via Invalid Node Values
The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.