CWE:
 

Risk | Topic | Date | Author
Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation | 18.02.2017 | Matt Bergin
Med. | ShadeYouVPN.com Client For Windows 2.0.1.11 Privilege Escalation | 15.02.2017 | Kacper Szurek
Med. | Piwik Superuser Plugin Upload | 14.02.2017 | FireFart
High | Easy File Uploader 1.2 Arbitrary File Download | 09.02.2017 | Ihsan Sencan
High | MySQL File Uploader 1.0 SQL Injection | 09.02.2017 | Ihsan Sencan
Med. | WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation | 02.02.2017 | dustyfresh
Med. | Viscosity For Windows 1.6.7 Privilege Escalation | 01.02.2017 | Kacper Szurek
Med. | Polycom VVX Web Interface Privilege Escalation | 27.01.2017 | Mike Brown
Med. | EMC Avamar Data Store / Virtual Edition 7.3.1 / 7.3.0 Privilege Escalation | 23.01.2017 | Thorsten Tullmann
Med. | SentryHD 02.01.12e Privilege Escalation | 19.01.2017 | Kacper Szurek
High | dirList 0.3.0 File Upload / Command Execution | 18.01.2017 | hyp3rlinx
Med. | openWYSIWYG Insert Image 1.4.7 Arbitrary File Upload | 17.01.2017 | Persian Hack Team
Med. | Firejail Privilege Escalation | 12.01.2017 | Daniel Hodson
Med. | WordPress WP Support Plus Responsive Ticket System 7.1.3 Privilege Escalation | 11.01.2017 | Kacper Szurek
High | Nuked Klan CMS 1.8 File Upload | 11.01.2017 | Ashiyane Digital Secur...
Med. | EMC ScaleIO Privilege Escalation / Denial Of Service | 06.01.2017 | David BERARD
Med. | SoftMaker Office 201x Privilege Escalation | 05.01.2017 | Stefan Kanthak
High | WordPress Templatic 2.3.6 File Upload | 31.12.2016 | r3m1ck
Med. | IBM AIX 6.1 / 7.1 / 7.2 Bellmail Privilege Escalation | 23.12.2016 | RSL
Med. | Google Chrome Privilege Escalation | 23.12.2016 | jannh
Med. | Vesta Control Panel 0.9.8-16 Local Privilege Escalation | 23.12.2016 | Luka Pusic
Med. | Orthanc DICOM Server 1.1.0 Unquoted Service Path Privilege Escalation | 17.12.2016 | Gjoko 'LiquidWorm' Krs...
Med. | Viscosity Open VPN 2.3 Privilege Escalation | 13.12.2016 | Ajay Gowtham
Med. | Apache CouchDB 2.0.0 Local Privilege Escalation | 06.12.2016 | hyp3rlinx
Med. | Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation | 29.11.2016 | FireFart
Med. | Joomla K2 2.7.1 Shell Upload / Cross Site Request Forgery | 22.11.2016 | Anti RA$?is
High | Lepton 2.2.2 Stable Shell Upload | 19.11.2016 | Tim Coen
High | PowerShellEmpire Arbitrary File Upload (Skywalker) | 18.11.2016 | Erik Daguerre
Med. | Nginx (Debian-Based Distros) Root Privilege Escalation | 17.11.2016 | Dawid Golunski
Med. | Linux BPF Local Privilege Escalation Exploit | 15.11.2016 | h00die
Med. | Intel Identity Protection Technology Host Interface Service 1.2.22.0 Privilege Escalation | 12.11.2016 | hyp3rlinx
Med. | Intel Management And Security LMS.exe 7.1.13.1088 Privilege Escalation | 12.11.2016 | hyp3rlinx
Med. | e107 CMS 2.1.2 Privilege Escalation | 11.11.2016 | Kacper Szurek
Med. | Nero 7.10.1.0 Privilege Escalation | 11.11.2016 | Boumediene KADDOUR a.k...
Med. | Samsung SW Update Service Unquoted Service Path Privilege Escalation | 09.11.2016 | CT-Zer0 Team
Med. | Actiontec WCB3000N 0.16.2.5 Privilege Escalation | 08.11.2016 | Andrew Klaus
Med. | Sophos Web Appliance 4.2.1.3 Privilege Escalation | 05.11.2016 | Matt Bergin
High | Moodle CMS 3.1.2 Cross Site Scripting / File Upload | 02.11.2016 | Joel Vadodil Varghese
Med. | Overlayfs Privilege Escalation | 02.11.2016 | rebel
Med. | Apache OpenOffice 4.1.2 Privilege Escalation | 27.10.2016 | Himanshu Mehta
Med. | Hewlett Packard TouchSmart Calendar Service 4.1.4245 Privilege Escalation | 27.10.2016 | hyp3rlinx
Med. | CVSNT 2.0.51d Privilege Escalation | 26.10.2016 | hyp3rlinx
Med. | WinCvs 2.1.1.1 Build 1 Privilege Escalation | 26.10.2016 | hyp3rlinx
High | FreePBX 10.13.66 Remote Command Execution / Privilege Escalation | 23.10.2016 | Christopher Davis
Med. | Panda Security PSEvents Privilege Escalation | 23.10.2016 | h00die
Low | CNDSOFT 2.3 Cross Site Request Forgery / Shell Upload | 21.10.2016 | Besim
Med. | BitComet 1.43 Privilege Escalation | 21.10.2016 | Ashiyane Digital Secur...
Med. | PDF Complete 4.1.12 Corporate Edition Privilege Escalation | 21.10.2016 | Joey Lane
Med. | Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 15.1.0.0096 Privilege Escalation | 21.10.2016 | Joey Lane
Med. | Vembu StoreGrid 4.0 Privilege Escalation | 21.10.2016 | Joey Lane
Med. | SpyHunter 4.23.2 Privilege Escalation | 21.10.2016 | Ashiyane Digital Secur...
Med. | Lenovo RapidBoot HDD Acelerator 1.00.0802 Privilege Escalation | 21.10.2016 | Joey Lane
Med. | Lenovo Slim USB Keyboard 1.09 Privilege Escalation | 21.10.2016 | Joey Lane
High | CloudShare 1.6 Shell Upload | 20.10.2016 | indoushka
Med. | IObit Advanced SystemCare 10.0.2 Privilege Escalation | 20.10.2016 | Ashiyane Digital Secur...
Med. | Windows x86 afd.sys Privilege Escalation | 19.10.2016 | Tomislav Paskalev
Med. | NETGATE AMITI Antivirus 23.0.305 Privilege Escalation | 19.10.2016 | Amir.ght
Med. | NETGATE Data Backup 3.0.605 Privilege Escalation | 19.10.2016 | Amir.ght
Med. | NETGATE Registry Cleaner 16.0.205 Privilege Escalation | 19.10.2016 | Amir.ght
High | Ruby on Rails Dynamic Render File Upload Remote Code Execution | 14.10.2016 | John Poulin
Med. | ASLDRService ATK Hotkey 1.0.69.0 Privilege Escalation | 14.10.2016 | Cyril Vallicari
Med. | InsOnSrv Asus InstantOn 2.3.1.1 Privilege Escalation | 14.10.2016 | Cyril Vallicari
Med. | ATKGFNEXSrv ATKGFNEX 1.0.11.1 Privilege Escalation | 14.10.2016 | Cyril Vallicari
Med. | IObit Malware Fighter 4.3.1 Privilege Escalation | 14.10.2016 | Amir.ght
Med. | Hotspot Shield 6.0.3 Privilege Escalation | 14.10.2016 | Amir.ght
Med. | Minecraft 1.6.61 Privilege Escalation | 13.10.2016 | Ross Marks
Med. | Linux Kernel 3.13.1 Recvmmsg Privilege Escalation | 10.10.2016 | h00die
High | Apache Tomcat 8 / 7 / 6 Privilege Escalation | 10.10.2016 | Dawid Golunski
Med. | Allwinner 3.4 Legacy Kernel Local Privilege Escalation | 10.10.2016 | h00die
Med. | Fitbit Connect Service Privilege Escalation | 10.10.2016 | Ross Marks
Med. | Wacom Consumer Service Privilege Escalation | 10.10.2016 | Ross Marks
Med. | Foxit Cloud Update Service Privilege Escalation | 10.10.2016 | Ross Marks
Med. | Waves Audio Service Privilege Escalation | 09.10.2016 | Ross Marks
Med. | BlueStacks 2.5.55 Privilege Escalation | 08.10.2016 | Yunus YILDIRIM
Med. | Comodo Chromodo Browser Privilege Escalation | 07.10.2016 | Yunus YILDIRIM
Med. | Comodo Dragon Browser Privilege Escalation | 07.10.2016 | Yunus YILDIRIM
Med. | Abyss Web Server X1 2.11.1 Privilege Escalation | 06.10.2016 | Tulpa
Med. | Fortitude HTTP 1.0.4.0 Privilege Escalation | 06.10.2016 | Tulpa
Med. | Clean Master 1.0 Privilege Escalation | 05.10.2016 | Vulnerability Lab
Med. | MSI NTIOLib.sys / WinIO.sys Local Privilege Escalation | 27.09.2016 | ReWolf
Med. | Linux Kernel 4.6.3 Netfilter Privilege Escalation | 27.09.2016 | vnik
Med. | Iperius Remote 1.7.0 Privilege Escalation | 27.09.2016 | Tulpa
Med. | NetDrive 2.6.12 Privilege Escalation | 27.09.2016 | Tulpa
Med. | Macro Expert 4.0 Privilege Escalation | 27.09.2016 | Tulpa
Med. | AnyDesk 2.5.0 Privilege Escalation | 24.09.2016 | Tulpa
Med. | Wise Care 365 4.27 / Wise Disk Cleaner 9.29 Privilege Escalation | 24.09.2016 | Tulpa
Med. | Zortam MP3 Media Studio 21.15 Privilege Escalation | 24.09.2016 | Tulpa
High | WordPress Neosense Theme 1.7 Shell Upload | 20.09.2016 | Walter Hop
Med. | Docker Daemon Privilege Escalation | 17.09.2016 | forzoni
High | NetBSD mail.local Privilege Escalation | 16.09.2016 | akat1
High | EMC ViPR SRM XSS / CSRF / File Upload / Brute Force | 14.09.2016 | EMC
Med. | Zapya Desktop Version ('ZapyaService.exe') Privilege Escalation | 13.09.2016 | Arash Khazaei
Med. | Zapya Desktop 1.803 Privilege Escalation | 13.09.2016 | Arash Khazaei
Med. | Jobberbase 2.0 Disclosure / XSS / Code Execution / Upload | 09.09.2016 | Ross Marks
High | HelpDeskz 1.0.2 Shell Upload | 30.08.2016 | Lars Morgenroth
High | Dotclear 2.9.1 Shell Upload | 28.08.2016 | Wiswat Aswamenakul
Med. | GitLab Impersonate Privilege Escalation | 17.08.2016 | Kaimi
High | WebNMS Framework Server 5.2 Arbitrary File Upload | 13.08.2016 | Pedro Ribeiro
Med. | EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation | 10.08.2016 | Gjoko 'LiquidWorm' Krs...
Med. | Microsoft Windows 7 Group Policy Privilege Escalation | 10.08.2016 | Nabeel Ahmed


CVEMAP Search Results

CVE | Details | Description
2015-02-22, Low, CVE-2014-7922 | Vendor: Google; Software: Play service... | The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument.
2015-02-19, Medium, CVE-2015-1515 | Vendor: Softsphere; Software: Defensewall ... | The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.
2015-02-18, Medium, CVE-2014-5286 | Vendor: Tibco; Software: Activematrix... | The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors.
2015-02-17, Medium, CVE-2015-1356 | Vendor: Siemens; Software: Simatic step 7 | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
2015-02-16, Medium, CVE-2015-1496 | Vendor: Motorola; Software: Motorola sca... | Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.
Low, CVE-2014-6102 | Vendor: IBM; Software: Change and c... | IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
2015-02-12, Low, CVE-2014-6139 | Vendor: IBM; Software: Business pro... | The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
Medium, CVE-2014-6185 | Vendor: IBM; Software: Tivoli stora... | dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
2015-02-06, High, CVE-2014-9353 | Vendor: Netapp; Software: Oncommand ba... | NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.
Medium, CVE-2014-9632 | Vendor: AVG; Software: Internet sec... | The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.

Copyright 2017, cxsecurity.com