zx2c4

21 exploits Active since Dec 2008
CVE-2012-0056 NOMISEC WORKING POC
Linux Kernel < 3.0.18 - Access Control
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
1 stars
CVE-2020-15780 NOMISEC MEDIUM WORKING POC
Linux Kernel < 5.7.7 - Missing Authorization
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
CVSS 6.7
CVE-2010-3847 METASPLOIT ruby WORKING POC
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
CVE-2012-3483 EXPLOITDB shell WORKING POC
Google Tunnelblick < 3.3beta20 - Race Condition
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
CVE-2010-3847 EXPLOITDB ruby WORKING POC
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
CVE-2010-3856 METASPLOIT ruby WORKING POC
GNU Glibc < 2.11.2 - Access Control
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
CVE-2012-4284 EXPLOITDB CRITICAL bash WORKING POC
Sparklabs Viscosity - Privilege Escalation
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
CVSS 9.8
CVE-2012-3485 EXPLOITDB bash WORKING POC
Google Tunnelblick < 3.3beta20 - Improper Input Validation
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
CVE-2012-3483 EXPLOITDB c WORKING POC
Google Tunnelblick < 3.3beta20 - Race Condition
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
CVE-2011-1485 EXPLOITDB c WORKING POC
Linux PolicyKit Race Condition Privilege Escalation
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
CVE-2010-3856 EXPLOITDB bash WORKING POC
GNU Glibc < 2.11.2 - Access Control
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
CVE-2010-3856 EXPLOITDB ruby WORKING POC
GNU Glibc < 2.11.2 - Access Control
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
CVE-2012-0056 EXPLOITDB c WORKING POC
Linux Kernel < 3.0.18 - Access Control
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
CVE-2012-0056 EXPLOITDB c WORKING POC
Linux Kernel < 3.0.18 - Access Control
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
CVE-2015-8556 EXPLOITDB CRITICAL c WORKING POC
Gentoo QEMU <2.5.0-r1 - Privilege Escalation
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
CVSS 10.0
EIP-2026-102797 EXPLOITDB bash WORKING POC
Calibre E-Book Reader - Race Condition Privilege Escalation
EIP-2026-102796 EXPLOITDB c WORKING POC
Calibre E-Book Reader - Local Privilege Escalation (3)
EIP-2026-102795 EXPLOITDB bash WORKING POC
Calibre E-Book Reader - Local Privilege Escalation (2)
EIP-2026-102794 EXPLOITDB bash WORKING POC
Calibre E-Book Reader - Local Privilege Escalation (1)
CVE-2010-4165 EXPLOITDB c WORKING POC
Linux Kernel < 2.6.37 - Divide By Zero
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
CVE-2008-5736 EXPLOITDB c WORKING POC
Freebsd - Access Control
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets.