| Risk | Topic | Date | Author |
|---|---|---|---|
| High | DarkComet (C2 Server) File Upload | 22.01.2018 | Pseudo Laboratories |
| High | glibc getcwd() Local Privilege Escalation | 19.01.2018 | halfdog |
| Med. | Docker Sudo Privilege Escalation | 18.01.2018 | Pype |
| High | Synology Photo Station 6.8.2-3461 SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution | 16.01.2018 | mr_me |
| High | D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection | 15.01.2018 | Phosphorus Cybersecuri... |
| High | Kaseya VSA 9.2 Shell Upload | 15.01.2018 | Kin Hung Cheng |
| High | phpCollab 2.5.1 Unauthenticated File Upload | 12.01.2018 | 1oopho1e |
| High | Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload | 11.01.2018 | Omar Mezrag |
| Med. | Jungo Windriver 12.5.1 Privilege Escalation | 11.01.2018 | Fidus InfoSecurity |
| High | phpCollab 2.5.1 Unauthenticated File Upload | 11.01.2018 | Nick Marcoccio |
| Med. | WordPress CMS Tree Page View 1.4 CSRF / Privilege Escalation | 09.01.2018 | Panagiotis Vagenas |
| High | WordPress Plugin LearnDash 2.5.3 Arbitrary File Upload | 08.01.2018 | NinTechNet |
| High | WDMyCloud <= 2.30.165 Multiple Vulnerabilities | 05.01.2018 | GulfTech |
| Med. | Kingsoft Antivirus / Internet Security 9+ Privilege Escalation | 04.01.2018 | Steven |
| Med. | Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04 and 16.04) Local Privilege Escalation | 03.01.2018 | Andrey Konovalov |
| High | Chatting System PHP Ajax MySQL JavaScript 1.0 Shell Upload | 31.12.2017 | ShanoWeb |
| Med. | Ubiquiti UniFi Video 3.7.3 Local Privilege Escalation | 26.12.2017 | RCE |
| High | Monstra CMS 3.0.4 Remote Shell Upload | 18.12.2017 | Ishaq Mohammed |
| High | Western Digital MyCloud multi_uploadify File Upload | 16.12.2017 | Zenofex |
| High | Accesspress Anonymous Post Pro Unauthenticated Arbitrary File Upload | 13.12.2017 | Colette Chamberland |
| High | Vanguard 1.4 Arbitrary File Upload | 12.12.2017 | Ihsan Sencan |
| Med. | TeamCity 2017.1.5 Privilege Escalation | 11.12.2017 | Heliand Dema |
| High | Simple Chatting System 1.0.0 Arbitrary File Upload | 09.12.2017 | Ihsan Sencan |
| Med. | Proxifier For Mac 2.19 Local Privilege Escalation | 07.12.2017 | m4rkw |
| Med. | Hashicorp vagrant-vmware-fusion 5.0.3 Local Privilege Escalation | 07.12.2017 | Mark Wadham |
| Med. | Hashicorp vagrant-vmware-fusion 5.0.1 Local Privilege Escalation | 07.12.2017 | Mark Wadham |
| Med. | Murus 1.4.11 Local Privilege Escalation | 07.12.2017 | Mark Wadham |
| Med. | Perspective ICM Investigation And Case 5.1.1.16 Privilege Escalation | 07.12.2017 | Konstantinos.alexiou |
| High | Arq Backup 5.9.6 Local Root Privilege Escalation | 06.12.2017 | Mark Wadham |
| High | Arq Backup 5.9.7 Local Root Privilege Escalation | 06.12.2017 | Mark Wadham |
| Med. | Symantec Encryption Desktop And Endpoint Encryption Local Privilege Escalation | 04.12.2017 | kyREcon |
| Med. | Microsoft Windows 10 Creators Update 1703 WARBIRD NtQuerySystemInformation Kernel Local Privilege Escalation | 30.11.2017 | XPN |
| Med. | Mac OS X 10.13.1 Root Privilege Escalation | 30.11.2017 | Anonymous |
| High | CSC Cart 4.6.2 Shell Upload | 26.11.2017 | oric one |
| Med. | Scala 2.x Privilege Escalation | 15.11.2017 | Jason Zaugg |
| Med. | IKARUS AntiVirus 2.16.7 Privilege Escalation | 14.11.2017 | Parvez Anwar |
| Med. | Linux Kernel 4.13 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation | 08.11.2017 | Chris Salls |
| Med. | Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation | 08.11.2017 | Chris Salls |
| Med. | Splunk 6.6.x Local Privilege Escalation | 04.11.2017 | Hank Leininger |
| Med. | Vir.IT eXplorer Anti-Virus Privilege Escalation | 03.11.2017 | Parvez Anwa |
| Med. | MitraStar DSL-100HN-T1/GPT-2541GNAC Privilege Escalation | 01.11.2017 | j0lama |
| Med. | Bomgar Remote Support Local Privilege Escalation | 27.10.2017 | Robert Wessen |
| High | osTicket 1.10.1 Shell Upload | 25.10.2017 | Rajwinder Singh* |
| Med. | Sophos UTM 9 loginuser Privilege Escalation Via Insecure Directory Permissions | 25.10.2017 | Matt Bergin |
| Med. | Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation | 25.10.2017 | Matt Bergin |
| High | Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation | 22.10.2017 | Anonymous |
| Med. | Tomcat Remote Code Execution via JSP Upload Bypass | 19.10.2017 | peewpw |
| High | Afian AB FileRun 2017.03.18 CSRF / Shell Upload / XSS / Redirection | 18.10.2017 | SEC Consult |
| Med. | Opentext Documentum Content Server File Hijack / Privilege Escalation | 15.10.2017 | Andrey B. Panfilov |
| High | Opentext Documentum Content Server Privilege Escalation | 15.10.2017 | Andrey B. Panfilov |
| High | Tomcat JSP Upload Bypass Remote Code Execution | 12.10.2017 | peewpw |
| High | Apache Tomcat Upload Bypass / Remote Code Execution | 11.10.2017 | intx0x80 |
| Med. | Unitrends UEB 9.1 Privilege Escalation | 06.10.2017 | Multiple |
| High | Apache Tomcat JSP Upload Bypass / Remote Code Execution | 05.10.2017 | xxlegend |
| High | phpCollab 2.5.1 Arbitrary File Upload | 03.10.2017 | Sysdream |
| High | Ingenious School Management System 2.3.0 Arbitrary File Upload | 01.10.2017 | Ihsan Sencan |
| High | iStock Management System 1.0 Arbitrary File Upload | 01.10.2017 | Ihsan Sencan |
| High | PhpCollab 2.5.1 Shell Upload | 30.09.2017 | SYSDREAM |
| Med. | UCOPIA Wireless Appliance Privilege Escalation | 30.09.2017 | SYSDREAM |
| High | AMC Master Arbitrary File Upload | 28.09.2017 | Ihsan Sencan |
| High | Claydip Airbnb Clone 1.0 Arbitrary File Upload | 25.09.2017 | Ihsan Sencan |
| High | DlxSpot Shell Upload | 21.09.2017 | Simon Brannstrom |
| Med. | Netdecision 5.8.2 Local Privilege Escalation | 18.09.2017 | Peter Baris |
| Med. | D-Link DIR8xx Router Firmware Upload | 15.09.2017 | embedi |
| High | Aerohive Networks HiveManager Remote Shell Upload | 10.09.2017 | Sandro Zaccarini |
| High | Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation | 06.09.2017 | Steven Seeley |
| Med. | Lotus Notes Diagnostic Tool 8.5 / 9.0 Privilege Escalation | 05.09.2017 | ParagonSec |
| Med. | TeraCopyService 3.1 Unquoted Service Path Privilege Escalation | 05.09.2017 | Rithwik Jayasimha |
| Med. | NethServer 7.3.1611 Upload.json CSRF Script Insertion | 29.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Low | Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation | 23.08.2017 | Gjoko 'LiquidWorm' Krs... |
| High | Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution | 23.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | QNAPQsyncClientWindows 4.2.1.0602 Privilege Escalation | 23.08.2017 | Stefan Kanthak |
| High | DeWorkshop 1.0 - Arbitrary File Upload | 20.08.2017 | Ihsan Sencan |
| Med. | Xamarin Studio For Mac 6.2.1 (Build 3) / 6.3 (Build 863) Privilege Escalation | 16.08.2017 | Yorick Koster |
| Med. | Microsoft Windows 7 SP1 x86 GDI Palette Objects Local Privilege Escalation (MS17-017) | 08.08.2017 | Saif |
| Med. | VirtualBox 5.1.22 Windows Process DLL UNC Path Signature Bypass Privilege Escalation | 04.08.2017 | Google Security Resear... |
| Med. | VirtualBox 5.1.22 Windows Process DLL Signature Bypass Privilege Escalation | 04.08.2017 | Google Security Resear... |
| Med. | Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation | 03.08.2017 | Mark Wadham |
| High | Advantech SUSIAccess 3.0 File Upload | 02.08.2017 | james fitts |
| High | WordPress Logosware Suite Uploader 1.1.6 File Upload | 01.08.2017 | Anonymous |
| Med. | Hashicorp vagrant-vmware-fusion 4.0.20 Privilege Escalation | 19.07.2017 | Mark Wadham |
| High | DotCMS 4.1.1 Shell Upload | 19.07.2017 | M3@pandas |
| Med. | Microsoft Windows COM Session Moniker Privilege Escalation | 14.07.2017 | forshaw |
| Med. | Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation | 14.07.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Schneider Electric Pelco VideoXpert Privilege Escalation | 11.07.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Microsoft .NET Privilege Escalation | 08.07.2017 | Stefan Kanthak |
| High | ActiveMQ < 5.14.0 web shell upload | 30.06.2017 | Ian |
| High | KBVault MySQL 0.16a Arbitrary File Upload | 16.06.2017 | Fatih Emiral |
| Med. | Sudo get_process_ttyname() Privilege Escalation | 16.06.2017 | Qualys |
| High | Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation | 16.06.2017 | bee13oy |
| Med. | Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Disclosure | 15.06.2017 | insecurity |
| Med. | Net Monitor For Employees Pro Privilege Escalation | 09.06.2017 | Saeid Atabaki |
| High | Craft CMS 2.6 Cross Site Scripting / File Upload | 08.06.2017 | Ahsan Tahir |
| Med. | DC/OS Marathon UI Docker Privilege Escalation | 07.06.2017 | Erik |
| High | Perch CMS 3.0.3 Cross Site Scripting / File Upload | 07.06.2017 | Vulnerability Lab |
| Med. | BIND 9.10.5 Unquoted Service Path Privilege Escalation | 06.06.2017 | hyp3rlinx |
| Low | Joomla 3.x Proof Of Concept Shell Upload | 01.06.2017 | c |
| Med. | Acunetix Web Vulnerability Scanner 11 Privilege Escalation | 31.05.2017 | Florian Bogner |
| Low | Concrete5 Proof Of Concept Shell Upload | 31.05.2017 | c |
| Low | DokuWiki Proof Of Concept Shell Upload | 31.05.2017 | c |


CVEMAP Search Results

| Date | Risk | CVE | Vendor | Software | Description |
|---|---|---|---|---|---|
| 2018-01-05 | Medium | CVE-2017-4946 | | | The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged Windows user escalating their privileges to SYSTEM. |
| 2018-01-05 | Low | CVE-2014-8540 | Gitlab | Gitlab | The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. |
| 2018-01-04 | Medium | CVE-2018-0743 | Microsoft | Windows 10 | Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability". |
| 2018-01-04 | Medium | CVE-2018-0744 | Microsoft | Windows 10 | The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". |
| 2018-01-04 | Medium | CVE-2018-0748 | Microsoft | Windows 10 | The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". |
| 2018-01-04 | Medium | CVE-2018-0749 | Microsoft | Windows 10 | The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability". |
| 2018-01-04 | Low | CVE-2018-0751 | Microsoft | Windows 10 | The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752. |
| 2018-01-04 | Medium | CVE-2018-0752 | Microsoft | Windows 10 | The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751. |
| 2018-01-04 | Medium | CVE-2018-0788 | Microsoft | Windows 7 | The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability". |
| 2018-01-04 | Low | CVE-2017-1699 | IBM | Websphere mq | IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391. |


Copyright 2018, cxsecurity.com
