CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | PostgreSQL 9.4-0.5.3 Privilege Escalation | 14.08.2018 | Johannes Segitz |
| Med. | Rufus 3.0 / 3.1 Privilege Escalation | 07.08.2018 | Stefan Kanthak |
| Med. | Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) Local Privilege Escalation | 05.08.2018 | sickness and mschenk |
| Med. | Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation | 03.08.2018 | h00die |
| Med. | VMWare Player 12.5.9 Privilege Escalation / Denial Of Service | 03.08.2018 | Stefan Kanthak |
| Med. | Imperva SecureSphere 11.5 / 12.0 / 13.0 Privilege Escalation | 03.08.2018 | 0x09AL |
| Med. | Charles Proxy 4.2 Local Privilege Escalation | 31.07.2018 | Mark Wadham |
| High | WordPress Plugin Responsive Thumbnail Slider Arbitrary File Upload (Metasploit) | 28.07.2018 | Metasploit |
| High | Super CMS Blog Pro PHP Script 1.0 SQL Injection / Shell Upload | 27.07.2018 | ShanoWeb |
| Med. | CleanMyMac3 Local Privilege Escalation | 27.07.2018 | Chi Chou |
| Med. | Inteno’s IOPSYS (Authenticated) Local Privilege Escalation | 26.07.2018 | neonsea |
| Med. | Network Manager VPNC 1.2.4 Privilege Escalation | 25.07.2018 | Denis Andzakovic |
| Med. | PrestaShop < 1.6.1.19 AES CBC Privilege Escalation | 20.07.2018 | Charles Fol |
| Med. | Linux BPF Sign Extension Local Privilege Escalation | 19.07.2018 | h00die |
| High | Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) Local Privilege Escalation | 12.07.2018 | ricklarabee |
| High | WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution | 12.07.2018 | T. Weber |
| High | ShopNx Arbitrary File Upload | 04.07.2018 | L0RD |
| Med. | Copyright © 2008 - 2018 by DaMa SOFT WebSiteX5 İwGallery Manager Privilege Escalation Vulnerability | 30.06.2018 | KingSkrupellos |
| Med. | Powered by Quick.Cart & HOST[24] Fckeditor Arbitrary File Upload Vulnerability | 26.06.2018 | KingSkrupellos |
| Med. | KVM Nest Virtualization L1 Guest Privilege Escalation | 26.06.2018 | Felix Wilhelm |
| High | Intex Router N-150 Arbitrary File Upload | 26.06.2018 | Samrat Das |
| High | LaraChurch 1.0 Shell Upload | 25.06.2018 | ShanoWeb |
| Med. | Projekt i wykonanie Pro-Link strony internetowe FCKEditor Exploit | 23.06.2018 | KingSkrupellos |
| Med. | WordPress Design By SmartCat.Net ImageManager Plugin Remote File Upload Vulnerability | 23.06.2018 | KingSkrupellos |
| Med. | WordPress Design By SmartCatDesign.Net ImageManager Plugin Remote File Upload Vulnerability | 23.06.2018 | KingSkrupellos |
| Med. | Developed by Rate it Services Business Solutions Mājas lapu izstrāde FCKeditor Remote File Upload Vulnerability | 23.06.2018 | KingSkrupellos |
| Med. | WebArisi Hosting Htaccess File Admin Bypass Exploit | 21.06.2018 | KingSkrupellos |
| Med. | RSLinx Classic and FactoryTalk Linx Gateway Privilege Escalation | 14.06.2018 | LiquidWorm |
| Med. | Rockwell Automation RSLinx Classic / FactoryTalk Linx Gateway Privilege Escalation | 14.06.2018 | LiquidWorm |
| High | Redaxo CMS Mediapool Arbitrary File Upload | 14.06.2018 | h0n1gsp3cht |
| Med. | glibc realpath() Privilege Escalation | 13.06.2018 | halfdog |
| Med. | Gardenoma Remote File Upload Vulnerability | 11.06.2018 | Mr.T959 |
| Med. | WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability | 08.06.2018 | KingSkrupellos |
| Med. | Copyright © 2014 Indian Performing Art Center Admin Control Panel ByPass Vulnerability | 08.06.2018 | KingSkrupellos |
| High | NUUO NVRmini2 / NVRsolo Arbitrary File Upload | 31.05.2018 | M3@Pandas |
| High | Appnitro MachForm SQL Injection / Traversal / File Upload | 31.05.2018 | Amine Taouirsa |
| High | WordPress Peugeot Music 1.0 Shell Upload / Cross Site Request Forgery | 25.05.2018 | Mr.7z |
| High | PHP Login And User Management 4.1.0 Shell Upload | 25.05.2018 | Reginald Dodd |
| Med. | MySQL Blob Uploader 1.7 Cross Site Scripting / SQL Injection | 24.05.2018 | Ozkan Mustafa Akkus |
| High | WordPress Plugin Peugeot Music Arbitrary File Upload | 24.05.2018 | Mr.7z |
| Med. | Easy File Uploader 1.7 SQL Injection / Cross-Site Scripting | 23.05.2018 | Özkan Mustafa Akkuş |
| Med. | Reliable Datagram Sockets (RDS) Privilege Escalation | 21.05.2018 | Dan Rosenberg |
| Med. | Microsoft Windows Token Process Trust SID Access Check Bypass Privilege Escalation | 18.05.2018 | Google Security Resear... |
| Med. | AF_PACKET packet_set_ring Privilege Escalation | 18.05.2018 | Brendan Coles |
| High | MyBiz MyProcureNet 5.0.0 File Upload / Cross Site Scripting | 15.05.2018 | Fikri Fadzil |
| Med. | Libuser roothelper Privilege Escalation | 14.05.2018 | Brendan Coles |
| Med. | WordPress Plugin User Role Editor < 4.25 Privilege Escalation | 07.05.2018 | Tomislav Paskalev |
| Med. | Apache CouchDB 1.7.0 and 2.x before 2.1.1 Remote Privilege Escalation | 24.04.2018 | r4wd3r |
| High | Drupal Avatar Uploader 7.x-1.0-beta8 Arbitrary File Download | 23.04.2018 | Larry W. Cashdollar |
| Med. | lastore-daemon D-Bus Privilege Escalation | 23.04.2018 | Brendan Coles |
| Med. | Microsoft Windows Kernel (Windows 7 x86) Local Privilege Escalation (MS16-039) | 18.04.2018 | xiaodaozhi |
| Med. | Microsoft Windows Kernel (Windows 7 x86) Local Privilege Escalation (MS17-017) | 18.04.2018 | xiaodaozhi |
| High | Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 Direct Object Reference | 17.04.2018 | Frogy |
| Med. | GNU Beep 1.3 HoleyBeep Local Privilege Escalation | 13.04.2018 | Pirhack |
| Low | WordPress Plugin WordPress File Upload 4.3.3 Stored XSS | 11.04.2018 | ManhNho |
| High | ProcessMaker Plugin Upload Exploit | 04.04.2018 | Brendan Coles |
| Med. | glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation | 31.03.2018 | Marco Ivaldi |
| High | Vtiger CRM 6.3.0 Authenticated Arbitrary File Upload (Metasploit) | 31.03.2018 | Touhid M.Shaikh |
| High | ClipBucket < 4.0.0 - Release 4902 beats_uploader Unauthenticated Arbitrary File Upload | 27.03.2018 | Touhid M.Shaikh |
| Med. | LabF nfsAxe 3.7 Privilege Escalation | 27.03.2018 | bzyo |
| Med. | Kaseya Virtual System Administrator (VSA) Local Privilege Escalation | 24.03.2018 | Filip Palian |
| Med. | IBM Spectrum LSF Privilege Escalation | 20.03.2018 | John Fitzpatrick |
| Med. | Huawei Mate 7 /dev/hifi_misc Privilege Escalation | 20.03.2018 | pray3r |
| Med. | Linux Kernel 4.13 (Debian 9) Local Privilege Escalation | 20.03.2018 | anonymous |
| High | Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) netfilter target_offset Local Privilege Escalation | 20.03.2018 | Vitaly Nikolenko |
| Med. | Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) SOCK_DIAG SMEP Bypass Local Privilege Escalation | 20.03.2018 | Vitaly Nikolenko |
| Med. | Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) Local Privilege Escalation | 20.03.2018 | Bruce Leidl |
| Med. | Linux Kernel < 3.16.39 (Debian 8 x64) inotify Local Privilege Escalation | 20.03.2018 | Jeremy Huang |
| Med. | Sophos UTM 9.410 loginuser confd Service Privilege Escalation | 06.03.2018 | KoreLogic |
| High | Linux Kernel BadIRET Local Privilege Escalation | 02.03.2018 | Ren Kimura |
| Med. | NoMachine x86 < 6.0.80 nxfuse Privilege Escalation | 23.02.2018 | Fidus InfoSecurity |
| High | Joomla! Component Proclaim 9.1.1 Arbitrary File Upload | 23.02.2018 | Ihsan Sencan |
| Med. | MagniComp SysInfo mcsiwrapper Privilege Escalation | 20.02.2018 | Brendan Coles |
| High | Tejari Arbitrary File Upload | 17.02.2018 | Arvind Vishwakarma |
| Med. | ABRT raceabrt Privilege Escalation | 16.02.2018 | Brendan Coles |
| Med. | Juju-run Agent Privilege Escalation | 12.02.2018 | Brendan Coles |
| Med. | glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation | 11.02.2018 | Brendan Coles |
| Med. | NetEx HyperIP 6.1.0 Privilege Escalation | 11.02.2018 | Matt Bergin |
| Med. | MalwareFox AntiMalware 2.74.0.150 Local Privilege Escalation | 07.02.2018 | Souhail Hammou |
| Med. | MalwareFox AntiMalware 2.74.0.150 Privilege Escalation | 06.02.2018 | Souhail Hammou |
| Med. | Apport / ABRT chroot Privilege Escalation | 03.02.2018 | Brendan Coles |
| Med. | systemd (systemd-tmpfiles) < 236 fs.protected_hardlinks=0 Local Privilege Escalation | 31.01.2018 | Michael Orlitzky |
| Med. | System Shield 5.0.0.136 Privilege Escalation | 31.01.2018 | Parvez Anwar |
| High | Arq 5.10 Local root Privilege Escalation | 30.01.2018 | m4rkw |
| Med. | HP Connected Backup 8.6/8.8.6 Local Privilege Escalation | 23.01.2018 | Peter Lapp |
| High | DarkComet (C2 Server) File Upload | 22.01.2018 | Pseudo Laboratories |
| High | glibc getcwd() Local Privilege Escalation | 19.01.2018 | halfdog |
| Med. | Docker Sudo Privilege Escalation | 18.01.2018 | Pype |
| High | Synology Photo Station 6.8.2-3461 SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution | 16.01.2018 | mr_me |
| High | D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection | 15.01.2018 | Phosphorus Cybersecuri... |
| High | Kaseya VSA 9.2 Shell Upload | 15.01.2018 | Kin Hung Cheng |
| High | phpCollab 2.5.1 Unauthenticated File Upload | 12.01.2018 | 1oopho1e |
| High | Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload | 11.01.2018 | Omar Mezrag |
| Med. | Jungo Windriver 12.5.1 Privilege Escalation | 11.01.2018 | Fidus InfoSecurity |
| High | phpCollab 2.5.1 Unauthenticated File Upload | 11.01.2018 | Nick Marcoccio |
| Med. | WordPress CMS Tree Page View 1.4 CSRF / Privilege Escalation | 09.01.2018 | Panagiotis Vagenas |
| High | WordPress Plugin LearnDash 2.5.3 Arbitrary File Upload | 08.01.2018 | NinTechNet |
| High | WDMyCloud <= 2.30.165 Multiple Vulnerabilities | 05.01.2018 | GulfTech |
| Med. | Kingsoft Antivirus / Internet Security 9+ Privilege Escalation | 04.01.2018 | Steven |
| Med. | Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04 and 16.04) Local Privilege Escalation | 03.01.2018 | Andrey Konovalov |


CVEMAP Search Results

| Date | Risk | CVE | Vendor | Software | Description |
|---|---|---|---|---|---|
| 2018-06-26 | Low | CVE-2018-0566 | Cybozu | Office | Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. |
| 2018-06-26 | Medium | CVE-2018-0610 | Zenphoto | Zenphoto | Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. |
| 2018-06-21 | Medium | CVE-2018-12615 | Phusion | Passenger | An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. |
| 2018-06-20 | Medium | CVE-2018-5237 | Symantec | Endpoint pro... | Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. |
| 2018-06-20 | Medium | CVE-2018-10841 | Gluster | Glusterfs | glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. |
| 2018-06-19 | Medium | CVE-2018-1117 | Redhat | Enterprise v... | ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. |
| 2018-06-18 | Medium | CVE-2018-9021 | CA | Privileged a... | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. |
| 2018-06-18 | Medium | CVE-2018-9022 | CA | Privileged a... | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. |
| 2018-06-17 | High | CVE-2018-12338 | ECOS | System manag... | Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access. |
| 2018-06-17 | Medium | CVE-2018-12027 | | | An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket. |

 

 


Copyright 2018, cxsecurity.com

 
