- CVE-2003-0127 | Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation
- CVE-2003-0961 | Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (2)
- CVE-2004-0077 | Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Local Privilege Escalation
- CVE-2004-1235 | Linux Kernel 2.4.29-rc2 - 'uselib()' Local Privilege Escalation (1)
- CVE N/A | Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation
- CVE-2005-0736 | Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation
- CVE-2005-1263 | Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow
- CVE-2006-2451 | Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Local Privilege Escalation
- CVE-2006-3626 | Linux Kernel 2.6.17.4 - 'proc' Local Privilege Escalation
- CVE N/A | Compress v4.2.4 local test exploit
- CVE N/A | Local GNU Awk 3.1.0-x proof of concept exploit
- EDB-ID-4756 | Linux Kernel < 2.6.11.5 Bluetooth Stack Localroot Exploit
- CVE-2008-0600 | Linux Kernel 2.6.23 < 2.6.24 - 'vmsplice' Local Privilege Escalation (1)
- CVE-2008-0900 | Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Local Privilege Escalation (2)
- CVE-2008-4210 | Linux Kernel < 2.6.22 - 'ftruncate()'/'open()' Local Privilege Escalation
- CVE-2009-1185 | Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) UDEV < 1.4.1 - Local Privilege Escalation (1)
- CVE-2009-1337 | Linux Kernel < 2.6.29 - 'exit_notify()' Local Privilege Escalation
- CVE-2009-2692 | Linux Kernel 2.x (RedHat) - 'sock_sendpage()' Ring0 Privilege Escalation (1)
- CVE-2009-2698 | Linux kernel 2.6 < 2.6.19 (32bit) ip_append_data() local ring0 root exploit
- CVE-2009-3547 | Linux 2.6.x fs/pipe.c Local Privilege Escalation
- CVE-2010-1146 | ReiserFS (Linux Kernel 2.6.34-rc3 / RedHat / Ubuntu 9.10) - 'xattr' Local Privilege Escalation
- CVE-2010-2959 | Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation
- CVE-2010-3081 | Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
- CVE-2010-3301 | Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
- CVE-2010-3437 | Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure
- CVE-2010-3904 | Linux Kernel 2.6.36-rc8 - 'RDS Protocol' Local Privilege Escalation
- CVE-2010-4073 | Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation
- CVE-2010-4258 | Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
- CVE-2010-4347 | Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation
- CVE-2011-1021 | Linux Kernel < 2.6.37-rc2 - 'ACPI custom_method' Local Privilege Escalation
- CVE-2011-2777 | Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Boundary Crossing Privilege Escalation
- CVE-2011-1485 | pkexec - Race Condition Privilege Escalation
- EDB-ID-18071 | Calibre E-Book Reader - Local Privilege Escalation
- EDB-ID-17391 | Linux Kernel 2.6.28/3.0 (DEC Alpha Linux) - Local Privilege Escalation
- EDB-ID-15944 | Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation (2)
- CVE-2012-0056 | Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Local Privilege Escalation
- CVE-2012-3524 | libdbus - 'DBUS_SYSTEM_BUS_ADDRESS' Local Privilege Escalation
- CVE-2012-0809 | sudo 1.8.0 < 1.8.3p1 - Format String
- CVE-2013-0268 | Linux Kernel 3.7.6 (RedHat x86/x64) - 'MSR' Driver Privilege Escalation
- CVE-2013-1763 | Linux Kernel 3.3 < 3.8 (Ubuntu / Fedora 18) - 'sock_diag_handlers()' Local Privilege Escalation (3)
- CVE-2013-1858 | Linux Kernel 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation
- CVE-2013-2094 | Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Local Privilege Escalation (2)
- CVE-2014-0038 | Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write (2)
- CVE-2014-0196 | Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation
- CVE-2014-3153 | Linux Kernel 3.14.5 (CentOS 7 / RHEL) - 'libfutex' Local Privilege Escalation
- CVE-2014-4014 | Linux Kernel 3.13 - SGID Privilege Escalation
- CVE-2014-4699 | Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
- CVE-2014-5284 | OSSEC 2.8 - 'hosts.deny' Local Privilege Escalation
- CVE-2015-1328 | Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Local Privilege Escalation
- CVE-2015-7547 | glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
- CVE-2016-0728 | Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
- CVE-2016-2384 | Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
- CVE-2016-5195 | Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
- CVE-2016-8655 | Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
- CVE-2016-9793 | Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation
- CVE-2017-5123 | Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation
- CVE-2017-6074 | Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
- CVE-2017-7308 | Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
- CVE-2017-7494 | Samba 3.5.0 - Remote Code Execution
- CVE-2017-7533 | Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotify' Local Privilege Escalation
- CVE-2017-16939 | Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation
- CVE-2017-16995 | Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
- CVE-2017-1000112 | Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)
- CVE-2017-1000367 | Sudo 1.8.20 - 'get_process_ttyname()' Local Privilege Escalation
- CVE-2019-7304 | snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
- CVE-2019-13272 | Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation
- CVE-2021-22555 | Linux Kernel Netfilter Heap Out-Of-Bounds Write
- CVE-2021-3560 | Polkit-exploit
- CVE-2021-4034 | Pkexec Local Privilege Escalation
- CVE-2021-41073 | Linux Privilege Escalation io_uring
- CVE-2022-0847 | DirtyPipe-Exploits
- CVE-2022-2639 | Linux Kernel openvswitch local privilege escalation
- CVE-2022-37706 | LPE Enlightenment Privilege Escalation
- CVE-2022-0995 | Linux watch_queue Filter Out-Of-Bounds Write
- CVE-2022-2586 | Linux Kernel nft_object UAF
- CVE-2022-2588 | Linux Kernel net/sched/cls_route.c Privilege Escalation
- CVE-2022-2602 | Linux Privilege Escalation Userfaultfd
- CVE-2022-32250 | Linux Kernel LPE NFT_STATEFUL_EXPR
- CVE-2022-34918 | Linux Ubuntu 5.15.0-39-generic LPE
- CVE-2023-0386 | Linux Ubuntu 22.04 Privilege Escalation
- CVE-2023-2163 | Linux Privilege Escalation eBPF Verifier
- CVE-2023-2598 | io_uring_LPE 6.3-rc1
- CVE-2023-2640 | GameOver(Lay) Ubuntu Privilege Escalation
- CVE-2023-32629 | GameOver(Lay) Ubuntu Privilege Escalation
- CVE-2023-3269 | Linux Privilege Escalation StackRot 6.1 < 6.4

This exploit uses the pokemon exploit of the dirtycow vulnerability as a base and automatically generates a new passwd line. The user is prompted for the new password when the binary is run. The original /etc/passwd file is then backed up to /tmp/paww.bak, and the root account entry is overwritten with the generated line. After running the exploit you should be able to log in with the newly created user.

- CVE-2008-3531 | FreeBSD 7.0/7.1 - 'vfs.usermount' Local Privilege Escalation
- CVE-2008-5736 | FreeBSD 6.4 - Netgraph Privilege Escalation
- CVE-2009-3527 | FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition
- CVE-2009-4146 | FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Local Privilege Escalation
- EDB-ID-9860 | FreeBSD 7.2 - VFS/devfs Race Condition
- CVE-2010-2020 | FreeBSD 8.0/7.3/7.2 - 'nfs_mount()' Local Privilege Escalation
- CVE-2010-2693 | FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation
- CVE-2010-4210 | FreeBSD - 'pseudofs' Null Pointer Dereference Privilege Escalation
- CVE-2011-4062 | FreeBSD - UIPC socket heap Overflow (PoC)
- CVE-2011-4122 | OpenPAM - 'pam_start()' Local Privilege Escalation
- CVE-2011-4862 | TelnetD encrypt_keyid - Function Pointer Overwrite