CWE:
 

Risk | Topic | Date | Author
Med. | Hashicorp vagrant-vmware-fusion 4.0.20 Privilege Escalation | 19.07.2017 | Mark Wadham
High | DotCMS 4.1.1 Shell Upload | 19.07.2017 | M3@pandas
Med. | Microsoft Windows COM Session Moniker Privilege Escalation | 14.07.2017 | forshaw
Med. | Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation | 14.07.2017 | Gjoko 'LiquidWorm' Krs...
Med. | Schneider Electric Pelco VideoXpert Privilege Escalation | 11.07.2017 | Gjoko 'LiquidWorm' Krs...
Med. | Microsoft .NET Privilege Escalation | 08.07.2017 | Stefan Kanthak
High | ActiveMQ < 5.14.0 web shell upload | 30.06.2017 | Ian
High | KBVault MySQL 0.16a Arbitrary File Upload | 16.06.2017 | Fatih Emiral
Med. | Sudo get_process_ttyname() Privilege Escalation | 16.06.2017 | Qualys
High | Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation | 16.06.2017 | bee13oy
Med. | Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Disclosure | 15.06.2017 | insecurity
Med. | Net Monitor For Employees Pro Privilege Escalation | 09.06.2017 | Saeid Atabaki
High | Craft CMS 2.6 Cross Site Scripting / File Upload | 08.06.2017 | Ahsan Tahir
Med. | DC/OS Marathon UI Docker Privilege Escalation | 07.06.2017 | Erik
High | Perch CMS 3.0.3 Cross Site Scripting / File Upload | 07.06.2017 | Vulnerability Lab
Med. | BIND 9.10.5 Unquoted Service Path Privilege Escalation | 06.06.2017 | hyp3rlinx
Low | Joomla 3.x Proof Of Concept Shell Upload | 01.06.2017 | c
Med. | Acunetix Web Vulnerability Scanner 11 Privilege Escalation | 31.05.2017 | Florian Bogner
Low | Concrete5 Proof Of Concept Shell Upload | 31.05.2017 | c
Low | DokuWiki Proof Of Concept Shell Upload | 31.05.2017 | c
Med. | KDE 4/5 KAuth Privilege Escalation | 24.05.2017 | Sebastian Krahmer
High | InvoicePlane 1.4.10 File Upload / Cross Site Scripting | 24.05.2017 | Jasveer Singh
Med. | VMWare Workstation On Linux Privilege Escalation | 23.05.2017 | jannh
Med. | HP SimplePass 8.x Local Privilege Escalation | 23.05.2017 | Rehan Ahmed
High | BuilderEngine Arbitrary File Upload / Execution | 17.05.2017 | Marco Rivoli
High | Linux Kernel 3.x usb-midi Local Privilege Escalation | 14.05.2017 | Andrey Konovalov
Med. | Hola VPN 1.34 Privilege Escalation | 04.05.2017 | Vulnerability Lab
Med. | Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation | 04.05.2017 | Gjoko 'LiquidWorm' Krs...
High | Super File Explorer 1.0.1 Arbitrary File Upload | 04.05.2017 | Vulnerability Lab
Med. | Icecream 4.53 / Pro Privilege Escalation | 04.05.2017 | Vulnerability Lab
High | Easy File Uploader Remote Shell Upload | 28.04.2017 | Daniel Godoy
High | Simple File Uploader Arbitrary File Download | 28.04.2017 | Daniel Godoy
Med. | Portrait Display SDK Service Privilege Escalation | 27.04.2017 | W. Schober
Med. | Dell Customer Connect 1.3.28.0 Privilege Escalation | 25.04.2017 | Kacper Szurek
Med. | Microsoft Windows Dolby Audio X2 Service Privilege Escalation | 25.04.2017 | forshaw
Med. | Solarwinds LEM 6.3.1 Sudo Privilege Escalation | 25.04.2017 | Hank Leininger and Mat...
Med. | Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation | 25.04.2017 | Hank Leininger and Mat...
High | October CMS 1.0.412 Code Execution / Shell Upload | 21.04.2017 | Anti Räis
High | Trend Micro TDA 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution | 20.04.2017 | Steven Seeley
High | Trend Micro TDA 2.6.1062r1 hotfix_upload.cgi Remote Code Execution | 20.04.2017 | Steven Seeley
Med. | VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation | 19.04.2017 | jannh
Med. | Microsoft Windows taskschd.msc Privilege Escalation | 19.04.2017 | Todor Donev
Med. | TOVA 8 Unquoted Service Path Privilege Escalation | 18.04.2017 | Rithwik Jayasimha
Med. | Linux Kernel 4.8.0 udev 232 Privilege Escalation | 15.04.2017 | Nassim Asrir
Med. | GNS3 Mac OS-X 1.5.2 ubridge Privilege Escalation | 14.04.2017 | Hacker Fantastic
Med. | PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation | 14.04.2017 | Hacker Fantastic
Med. | Solaris x86 / SPARC EXTREMEPARR dtappgather Privilege Escalation | 13.04.2017 | Hacker Fantastic
High | Proxifier 2.18 Privilege Escalation / Code Execution | 12.04.2017 | Mark Wadham
High | Nuxeo Platform 6.x / 7.x Shell Upload | 24.03.2017 | SYSDREAM Labs
High | Solar-Log CSRF / Information Disclosure / DoS / File Upload | 22.03.2017 | T. Weber
Med. | DIGISOL DG-HR1400 1.00.02 Privilege Escalation | 21.03.2017 | Indrajith.A.N
Med. | WordPress Multiple Plugin File Upload | 21.03.2017 | Munir Njirun
High | b2evolution 6.8.8 Shell Upload | 15.03.2017 | @rungga_reksya, @dvnrc...
High | Global In Shell Upload | 13.03.2017 | Ihsan Sencan
Med. | Fiyo CMS 2.0.6.1 Privilege Escalation | 12.03.2017 | @rungga_reksya, @dvnrc...
Med. | USBPcap 1.1.0.0 Privilege Escalation | 11.03.2017 | Parvez Anwar
High | iBaseCMS 1.23 SQL Injection / File Upload | 09.03.2017 | Bilal KARDADOU
High | Western Digital My Cloud Command Injection / File Upload | 08.03.2017 | Wan Ikram
Med. | CyberGhost 6.0.4.2205 Privilege Escalation | 07.03.2017 | Kacper Szurek
High | Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation | 23.02.2017 | hantwister
Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation | 18.02.2017 | Matt Bergin
Med. | ShadeYouVPN.com Client For Windows 2.0.1.11 Privilege Escalation | 15.02.2017 | Kacper Szurek
Med. | Piwik Superuser Plugin Upload | 14.02.2017 | FireFart
High | Easy File Uploader 1.2 Arbitrary File Download | 09.02.2017 | Ihsan Sencan
High | MySQL File Uploader 1.0 SQL Injection | 09.02.2017 | Ihsan Sencan
Med. | WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation | 02.02.2017 | dustyfresh
Med. | Viscosity For Windows 1.6.7 Privilege Escalation | 01.02.2017 | Kacper Szurek
Med. | Polycom VVX Web Interface Privilege Escalation | 27.01.2017 | Mike Brown
Med. | EMC Avamar Data Store / Virtual Edition 7.3.1 / 7.3.0 Privilege Escalation | 23.01.2017 | Thorsten Tullmann
Med. | SentryHD 02.01.12e Privilege Escalation | 19.01.2017 | Kacper Szurek
High | dirList 0.3.0 File Upload / Command Execution | 18.01.2017 | hyp3rlinx
Med. | openWYSIWYG Insert Image 1.4.7 Arbitrary File Upload | 17.01.2017 | Persian Hack Team
Med. | Firejail Privilege Escalation | 12.01.2017 | Daniel Hodson
Med. | WordPress WP Support Plus Responsive Ticket System 7.1.3 Privilege Escalation | 11.01.2017 | Kacper Szurek
High | Nuked Klan CMS 1.8 File Upload | 11.01.2017 | Ashiyane Digital Secur...
Med. | EMC ScaleIO Privilege Escalation / Denial Of Service | 06.01.2017 | David BERARD
Med. | SoftMaker Office 201x Privilege Escalation | 05.01.2017 | Stefan Kanthak
High | WordPress Templatic 2.3.6 File Upload | 31.12.2016 | r3m1ck
Med. | IBM AIX 6.1 / 7.1 / 7.2 Bellmail Privilege Escalation | 23.12.2016 | RSL
Med. | Google Chrome Privilege Escalation | 23.12.2016 | jannh
Med. | Vesta Control Panel 0.9.8-16 Local Privilege Escalation | 23.12.2016 | Luka Pusic
Med. | Orthanc DICOM Server 1.1.0 Unquoted Service Path Privilege Escalation | 17.12.2016 | Gjoko 'LiquidWorm' Krs...
Med. | Viscosity Open VPN 2.3 Privilege Escalation | 13.12.2016 | Ajay Gowtham
Med. | Apache CouchDB 2.0.0 Local Privilege Escalation | 06.12.2016 | hyp3rlinx
Med. | Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation | 29.11.2016 | FireFart
Med. | Joomla K2 2.7.1 Shell Upload / Cross Site Request Forgery | 22.11.2016 | Anti Räis
High | Lepton 2.2.2 Stable Shell Upload | 19.11.2016 | Tim Coen
High | PowerShellEmpire Arbitrary File Upload (Skywalker) | 18.11.2016 | Erik Daguerre
Med. | Nginx (Debian-Based Distros) Root Privilege Escalation | 17.11.2016 | Dawid Golunski
Med. | Linux BPF Local Privilege Escalation Exploit | 15.11.2016 | h00die
Med. | Intel Identity Protection Technology Host Interface Service 1.2.22.0 Privilege Escalation | 12.11.2016 | hyp3rlinx
Med. | Intel Management And Security LMS.exe 7.1.13.1088 Privilege Escalation | 12.11.2016 | hyp3rlinx
Med. | e107 CMS 2.1.2 Privilege Escalation | 11.11.2016 | Kacper Szurek
Med. | Nero 7.10.1.0 Privilege Escalation | 11.11.2016 | Boumediene KADDOUR a.k...
Med. | Samsung SW Update Service Unquoted Service Path Privilege Escalation | 09.11.2016 | CT-Zer0 Team
Med. | Actiontec WCB3000N 0.16.2.5 Privilege Escalation | 08.11.2016 | Andrew Klaus
Med. | Sophos Web Appliance 4.2.1.3 Privilege Escalation | 05.11.2016 | Matt Bergin
High | Moodle CMS 3.1.2 Cross Site Scripting / File Upload | 02.11.2016 | Joel Vadodil Varghese
Med. | Overlayfs Privilege Escalation | 02.11.2016 | rebel
Med. | Apache OpenOffice 4.1.2 Privilege Escalation | 27.10.2016 | Himanshu Mehta


CVEMAP Search Results

CVE
Details
Description
2015-02-22
Low
CVE-2014-7922
Vendor: Google
Software: Play service...
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument.

2015-02-19
Medium
CVE-2015-1515
Vendor: Softsphere
Software: Defensewall ...
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.

2015-02-18
Medium
CVE-2014-5286
Vendor: Tibco
Software: Activematrix...
The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors.

2015-02-17
Medium
CVE-2015-1356
Vendor: Siemens
Software: Simatic step 7
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.

2015-02-16
Medium
CVE-2015-1496
Vendor: Motorola
Software: Motorola sca...
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.

Low
CVE-2014-6102
Vendor: IBM
Software: Change and c...
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.

2015-02-12
Low
CVE-2014-6139
Vendor: IBM
Software: Business pro...
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.

Medium
CVE-2014-6185
Vendor: IBM
Software: Tivoli stora...
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.

2015-02-06
High
CVE-2014-9353
Vendor: Netapp
Software: Oncommand ba...
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.

Medium
CVE-2014-9632
Vendor: AVG
Software: Internet sec...
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.

Copyright 2017, cxsecurity.com