timwr

49 exploits Active since Nov 2013
CVE-2019-0808 METASPLOIT HIGH ruby WORKING POC
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
CVSS 7.8
CVE-2019-1458 METASPLOIT HIGH ruby WORKING POC
Windows Win32k - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
CVSS 7.8
CVE-2019-8513 METASPLOIT HIGH ruby WORKING POC
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
CVSS 7.8
CVE-2022-0847 METASPLOIT HIGH ruby WORKING POC
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVSS 7.8
CVE-2019-13272 METASPLOIT HIGH ruby WORKING POC
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVSS 7.8
CVE-2022-46689 METASPLOIT HIGH ruby WORKING POC
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
CVSS 7.0
CVE-2020-9856 METASPLOIT MEDIUM ruby WORKING POC
macOS Catalina <10.15.5 - Privilege Escalation
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.
CVSS 5.3
CVE-2021-30657 METASPLOIT MEDIUM ruby WORKING POC
macOS Gatekeeper check bypass
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.
CVSS 5.5
CVE-2020-9839 METASPLOIT HIGH ruby WORKING POC
macOS cfprefsd Arbitrary File Write Local Privilege Escalation
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.
CVSS 7.0
CVE-2019-8565 METASPLOIT HIGH ruby WORKING POC
Mac OS X Feedback Assistant Race Condition
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.
CVSS 7.0
CVE-2017-13872 METASPLOIT HIGH ruby WORKING POC
Apple <macOS High Sierra - Privilege Escalation
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
CVSS 8.1
CVE-2019-5786 EXPLOITDB MEDIUM ruby WORKING POC
Google Chrome < 72.0.3626.121 - Use After Free
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVSS 6.5
EIP-2026-117553 EXPLOITDB ruby WORKING POC
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
EIP-2026-117552 EXPLOITDB ruby WORKING POC
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
CVE-2018-17463 EXPLOITDB HIGH ruby WORKING POC
Google Chrome <70.0.3538.64 - RCE
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS 8.8
CVE-2020-6418 EXPLOITDB HIGH ruby WORKING POC
Google Chrome <80.0.3987.122 - Heap Corruption
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS 8.8
CVE-2019-5825 EXPLOITDB MEDIUM ruby WORKING POC
Google Chrome < 73.0.3683.86 - Out-of-Bounds Write
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS 6.5
CVE-2019-8565 EXPLOITDB HIGH ruby WORKING POC
Mac OS X Feedback Assistant Race Condition
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.
CVSS 7.0
CVE-2019-8513 EXPLOITDB HIGH ruby WORKING POC
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
CVSS 7.8
CVE-2019-13272 EXPLOITDB HIGH ruby WORKING POC
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVSS 7.8
CVE-2016-4657 EXPLOITDB HIGH ruby WORKING POC
Apple iPhone OS < 9.3.5 - Out-of-Bounds Write
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS 8.8
CVE-2013-6282 EXPLOITDB HIGH ruby WORKING POC
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
CVSS 8.8
CVE-2017-13156 EXPLOITDB HIGH ruby WORKING POC
Android Janus APK Signature bypass
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVSS 7.8
CVE-2019-2215 EXPLOITDB HIGH ruby WORKING POC
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095.
CVSS 7.8