t0kx

10 exploits Active since Feb 2010
CVE-2015-3306 NOMISEC WORKING POC
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
144 stars
CVE-2016-9920 NOMISEC HIGH WORKING POC
Roundcube Webmail < 1.1.7 and 1.2.x < 1.2.3 - Authenticated Remote Code Execution via Sendmail Envelope-From Address
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.
48 stars
CVSS 7.5
CVE-2015-1427 NOMISEC CRITICAL WORKING POC
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
32 stars
CVSS 9.8
CVE-2015-5602 NOMISEC WORKING POC
Sudo <1.8.15 - Privilege Escalation
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
15 stars
CVE-2010-0426 NOMISEC WORKING POC
sudo 1.6.x < 1.6.9p21 and 1.7.x < 1.7.2p4 - Privilege Escalation via Pseudo-Command Matching
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
10 stars
CVE-2015-3306 NOMISEC WORKING POC
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
CVE-2015-3306 NOMISEC WORKING POC
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
CVE-2015-1427 NOMISEC CRITICAL WORKING POC
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
CVSS 9.8
CVE-2015-5602 NOMISEC STUB
Sudo <1.8.15 - Privilege Escalation
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
CVE-2010-0426 NOMISEC WORKING POC
sudo 1.6.x < 1.6.9p21 and 1.7.x < 1.7.2p4 - Privilege Escalation via Pseudo-Command Matching
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.