| Risk | Topic | Date | Author |
|---|---|---|---|
| High | Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues | 19.05.2022 | Ramuel Gall |
| High | e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting | 11.05.2022 | Hubert Wojciechowski |
| Med. | Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation | 01.05.2022 | W. Schober |
| High | 7-Zip 21.07 Code Execution / Privilege Escalation | 19.04.2022 | Kagan Capar |
| High | WordPress Elementor 3.6.2 Shell Upload | 19.04.2022 | AkuCyberSec |
| High | Scriptcase 9.7 Shell Upload | 19.04.2022 | luckyt0mat0 |
| High | AeroCMS 0.0.1 Shell Upload | 08.04.2022 | D4rkP0w4r |
| High | SAP Information System 1.0 Shell Upload | 06.04.2022 | Hejap Zairy |
| High | Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass | 04.04.2022 | Adam Shebani |
| High | Atom CMS 1.0.2 Shell Upload | 31.03.2022 | Ashish Koli |
| High | IdeaRE RefTree Shell Upload | 31.03.2022 | Savino Sisco |
| Med. | Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path | 31.03.2022 | Asim Sattar |
| Med. | EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path | 31.03.2022 | Shahrukh Iqbal Mirza |
| Low | Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting | 24.03.2022 | Milad Karimi |
| High | Sports Complex Booking System 1.0 Shell Upload | 24.03.2022 | Hejap Zairy |
| High | Poultry Farm Management System 1.0 Shell Upload | 22.03.2022 | Hejap Zairy |
| Med. | Sysax FTP Automation 6.9.0 Privilege Escalation | 22.03.2022 | bzyo |
| High | Laravel Media Library Pro 2.1.6 Shell Upload | 17.03.2022 | Kelvin Yip |
| Med. | Windows SpoolFool Privilege Escalation | 17.03.2022 | Shelby Pace |
| High | BuilderTorCTPHPRAT.b Shell Upload | 17.03.2022 | malvuln |
| High | Tiny File Manager 2.4.6 Shell Upload | 16.03.2022 | Febin Mon Saji |
| High | Pluck CMS 4.7.16 Shell Upload | 16.03.2022 | Ashish Koli |
| High | Dirty Pipe Local Privilege Escalation | 13.03.2022 | timwr |
| High | Linux Kernel 5.8 < 5.16.11 Local Privilege Escalation (DirtyPipe) | 08.03.2022 | blasty |
| High | pfSense 2.5.2 Shell Upload | 04.03.2022 | Abdel Adim Oisfi |
| High | Axis IP Camera Shell Upload | 01.03.2022 | jbaines-r7 |
| Med. | WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation | 28.02.2022 | Momen Eldawakhly |
| High | WordPress dzs-zoomsounds 6.60 Shell Upload | 23.02.2022 | Overthinker1877 |
| High | Microweber 1.2.11 Shell Upload | 22.02.2022 | Chetanya Sharma |
| Med. | Cyclades Serial Console Server 3.3.0 Privilege Escalation | 22.02.2022 | ibby |
| High | Tiny File Manager 2.4.3 Shell Upload | 16.02.2022 | FEBIN |
| Med. | Nagios XI Autodiscovery Shell Upload | 15.02.2022 | jbaines-r7 |
| Med. | Strapi CMS 3.0.0-beta.17.4 Privilege Escalation | 08.02.2022 | WackyH4cker |
| High | Feberr 12.7 Shell Upload | 03.02.2022 | Sohel Yousef |
| High | PolicyKit-1 0.105-31 Privilege Escalation | 27.01.2022 | Lance Biggerstaff |
| High | Polkit pkexec Local Privilege Escalation | 26.01.2022 | Qualys Security Adviso... |
| High | Landa Driving School Management System 2.0.1 Arbitrary File Upload | 18.01.2022 | Sohel Yousef |
| High | Simple Chatbot Application 1.0 Shell Upload | 18.01.2022 | Saud Alenazi |
| Low | WordPress Frontend Uploader 1.3.2 Cross Site Scripting | 13.01.2022 | Veshraj Ghimire |
| Med. | Automox Agent 32 Local Privilege Escalation | 07.01.2022 | Greg Foss |
| High | WordPress Catch Themes Demo Import Shell Upload | 05.01.2022 | h00die |
| High | Bazaar Web PHP Social Listings Shell Upload | 20.12.2021 | Sohel Yousef |
| High | Signup PHP Portal 2.1 Shell Upload | 20.12.2021 | Sohel Yousef |
| High | AbanteCart Arbitrary File Upload / Cross Site Scripting | 19.12.2021 | Ian Chong |
| High | Croogo 3.0.2 Shell Upload | 19.12.2021 | Enes Ozeser |
| High | WordPress Catch Themes Demo Import 1.6.1 Shell Upload | 11.12.2021 | Ron Jost |
| High | Free School Management Software 1.0 Shell Upload | 10.12.2021 | fuuzap1 |
| High | Ubuntu Overlayfs Local Privilege Escalation | 05.12.2021 | bwatters-r7 |
| Med. | MilleGPG5 5.7.2 Luglio 2021 Privilege Escalation | 02.12.2021 | Alessandro Salzano |
| Med. | Orangescrum 1.8.0 Privilege Escalation | 30.11.2021 | Hubert Wojciechowski |
| Med. | Windows MultiPoint Server 2011 SP1 RpcEptMapper and Dnschade Local Privilege Escalation | 29.11.2021 | it |
| High | Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation | 23.11.2021 | Ujas Dhami |
| High | WordPress Smart Product Review 1.0.4 Shell Upload | 18.11.2021 | Keyvan Hardani |
| Med. | LiquidFiles 3.5.13 Privilege Escalation | 18.11.2021 | Eliana Cannella |
| Med. | KONGA 0.14.9 Privilege Escalation | 16.11.2021 | Paulo Trindade |
| Med. | Ericsson Network Location MPS GMPC21 Privilege Escalation | 02.11.2021 | AkkuS |
| High | Codiad 2.8.4 Shell Upload | 02.11.2021 | P4p4_M4n3 |
| High | Engineers Online Portal 1.0 File Upload Remote Code Execution (RCE) | 29.10.2021 | SadKris |
| Med. | OpenClinic GA 5.194.18 Local Privilege Escalation | 29.10.2021 | Alessandro Salzano |
| Med. | Gestionale Open 11.00.00 Local Privilege Escalation | 29.10.2021 | Alessandro 'mindsflee'... |
| High | TextPattern CMS 4.8.7 Shell Upload | 14.10.2021 | Mert Das |
| High | Alchemy CMS 6.0.0 Arbitrary File Upload | 13.10.2021 | Abdulrahman |
| High | Moodle Admin Shell Upload | 12.10.2021 | h00die |
| Med. | Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution | 12.10.2021 | h00die |
| Med. | WordPress Pie Register 3.7.1.4 Privilege Escalation | 11.10.2021 | Lotfi13-DZ |
| High | Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation | 09.10.2021 | Brendan Coles |
| Med. | G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation | 06.10.2021 | Florian Bogner |
| High | WordPress MStore API 2.0.6 Shell Upload | 06.10.2021 | spacehen |
| Med. | Pet Shop Management System 1.0 Privilege Escalation / Shell Upload | 05.10.2021 | Oscar Gutierrez |
| Med. | Drupal MiniorangeSAML 8.x-2.22 Privilege Escalation | 03.10.2021 | Cristian Giustini |
| High | Vehicle Service Management System 1.0 Shell Upload | 03.10.2021 | Fikrat Ghuliev |
| Med. | FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation | 29.09.2021 | LiquidWorm |
| Med. | Mitrastar GPT-2541GNAC-N1 Privilege Escalation | 29.09.2021 | Leonardo Nicolas Serva... |
| High | XAMPP 7.4.3 Local Privilege Escalation | 27.09.2021 | Salman Asad |
| High | E-Negosyo System 1.0 Shell Upload | 24.09.2021 | Janik Wehrli |
| High | e107 CMS 2.3.0 Shell Upload | 24.09.2021 | Halit Akaydin |
| High | WordPress 3DPrint Lite 1.9.1.4 Shell Upload | 23.09.2021 | spacehen |
| High | Budgets And Expense Tracker System 1.0 Shell Upload | 21.09.2021 | Abdullah Khawaja |
| High | WordPress Download From Files 1.48 Shell Upload | 18.09.2021 | spacehen |
| High | Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload | 17.09.2021 | Ricardo Jose Ruiz Fern... |
| High | AlphaWeb XE File Upload Remote Code Execution (Authenticated) | 15.09.2021 | Ricardo Ruiz (@ricardo... |
| High | Patient Appointment Scheduler System 1.0 Shell Upload | 08.09.2021 | a-rey |
| Med. | Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation | 01.09.2021 | Grant Willcox |
| High | Online Leave Management System 1.0 Shell Upload | 25.08.2021 | Justin White |
| High | Simple Water Refilling Station Management System 1.0 Remote Code Execution (RCE) through File Upload | 20.08.2021 | Matt Sorrell |
| Med. | Lexmark Driver Privilege Escalation | 12.08.2021 | Jacob Baines |
| Med. | Canon TR150 Driver 3.71.2.10 Privilege Escalation | 11.08.2021 | Jacob Baines |
| Med. | Amica Prodigy 1.7 Privilege Escalation | 07.08.2021 | Andrea Intilangelo |
| High | GFI Mail Archiver 15.1 Telerik UI Component Arbitrary File Upload (Unauthenticated) | 06.08.2021 | Amin Bohio |
| High | GFI Mail Archiver 15.1 Arbitrary File Upload | 06.08.2021 | Paul Taylor |
| High | Hotel Management System 1.0 Cross Site Scripting / Shell Upload | 03.08.2021 | Merbin Russel |
| Med. | Pi-Hole Remove Commands Linux Privilege Escalation | 01.08.2021 | h00die |
| Med. | PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection | 28.07.2021 | Faisal Alhadlaq |
| High | Event Registration System With QR Code 1.0 Shell Upload | 28.07.2021 | Javier Olmedo |
| Med. | Linux Kernel 2.6.19 < 5.9 Netfilter Local Privilege Escalation | 23.07.2021 | Nguyen |
| Med. | Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization | 21.07.2021 | Pierre Kim |
| High | WordPress Popular Posts 5.3.2 Shell Upload | 15.07.2021 | Simone Cristofaro |
| High | Church Management System 1.0 Shell Upload / SQL Injection | 09.07.2021 | Eleonora Guardini |
| High | Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload | 08.07.2021 | Patrik Lantz |
| High | WordPress SP Project And Document Manager 4.21 Shell Upload | 08.07.2021 | Ron Jost |


CVEMAP Search Results

CVE
Details
Description
2022-05-02
Low
CVE-2022-29444

Vendor: Cloudways
Software: Breeze
 

 
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.

 
2019-09-08
Low
CVE-2019-16097

 

 
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.

 
High
CVE-2019-16103

Vendor: Silver-peak
Software: Unity edgeco...
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

 
2019-09-06
Medium
CVE-2018-6240

Vendor: Google
Software: Android
 

 
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address

 
Medium
CVE-2019-14813

Vendor: Artifex
Software: Ghostscript
 

 
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

 
Medium
CVE-2019-2182

Vendor: Google
Software: Android
 

 
In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
Medium
CVE-2019-9345

Vendor: Google
Software: Android
 

 
In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

 
Medium
CVE-2019-9436

Vendor: Google
Software: Android
 

 
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

 
2019-09-05
Medium
CVE-2019-15953

Vendor: Totaljs
Software: Total.js cms
 

 
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation.

 
Medium
CVE-2019-2123

Vendor: Google
Software: Android
 

 
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 

 


Copyright 2022, cxsecurity.com

 
