CWE:
 

Topic
Date
Author
High
Western Digital MyCloud multi_uploadify File Upload
16.12.2017
Zenofex
High
Accesspress Anonymous Post Pro Unauthenticated Arbitrary File Upload
13.12.2017
Colette Chamberland
High
Vanguard 1.4 Arbitrary File Upload
12.12.2017
Ihsan Sencan
Med.
TeamCity 2017.1.5 Privilege Escalation
11.12.2017
Heliand Dema
High
Simple Chatting System 1.0.0 Arbitrary File Upload
09.12.2017
Ihsan Sencan
Med.
Proxifier For Mac 2.19 Local Privilege Escalation
07.12.2017
m4rkw
Med.
Hashicorp vagrant-vmware-fusion 5.0.3 Local Privilege Escalation
07.12.2017
Mark Wadham
Med.
Hashicorp vagrant-vmware-fusion 5.0.1 Local Privilege Escalation
07.12.2017
Mark Wadham
Med.
Murus 1.4.11 Local Privilege Escalation
07.12.2017
Mark Wadham
Med.
Perspective ICM Investigation And Case 5.1.1.16 Privilege Escalation
07.12.2017
Konstantinos.alexiou
High
Arq Backup 5.9.6 Local Root Privilege Escalation
06.12.2017
Mark Wadham
High
Arq Backup 5.9.7 Local Root Privilege Escalation
06.12.2017
Mark Wadham
Med.
Symantec Encryption Desktop And Endpoint Encryption Local Privilege Escalation
04.12.2017
kyREcon
Med.
Microsoft Windows 10 Creators Update 1703 WARBIRD NtQuerySystemInformation Kernel Local Privilege Escalation
30.11.2017
XPN
Med.
Mac OS X 10.13.1 Root Privilege Escalation
30.11.2017
Anonymous
High
CSC Cart 4.6.2 Shell Upload
26.11.2017
oric one
Med.
Scala 2.x Privilege Escalation
15.11.2017
Jason Zaugg
Med.
IKARUS AntiVirus 2.16.7 Privilege Escalation
14.11.2017
Parvez Anwar
Med.
Linux Kernel 4.13 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
08.11.2017
Chris Salls
Med.
Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
08.11.2017
Chris Salls
Med.
Splunk 6.6.x Local Privilege Escalation
04.11.2017
Hank Leininger
Med.
Vir.IT eXplorer Anti-Virus Privilege Escalation
03.11.2017
Parvez Anwa
Med.
MitraStar DSL-100HN-T1/GPT-2541GNAC Privilege Escalation
01.11.2017
j0lama
Med.
Bomgar Remote Support Local Privilege Escalation
27.10.2017
Robert Wessen
High
osTicket 1.10.1 Shell Upload
25.10.2017
Rajwinder Singh*
Med.
Sophos UTM 9 loginuser Privilege Escalation Via Insecure Directory Permissions
25.10.2017
Matt Bergin
Med.
Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation
25.10.2017
Matt Bergin
High
Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation
22.10.2017
Anonymous
Med.
Tomcat Remote Code Execution via JSP Upload Bypass
19.10.2017
peewpw
High
Afian AB FileRun 2017.03.18 CSRF / Shell Upload / XSS / Redirection
18.10.2017
SEC Consult
Med.
Opentext Documentum Content Server File Hijack / Privilege Escalation
15.10.2017
Andrey B. Panfilov
High
Opentext Documentum Content Server Privilege Escalation
15.10.2017
Andrey B. Panfilov
High
Tomcat JSP Upload Bypass Remote Code Execution
12.10.2017
peewpw
High
Apache Tomcat Upload Bypass / Remote Code Execution
11.10.2017
intx0x80
Med.
Unitrends UEB 9.1 Privilege Escalation
06.10.2017
Multiple
High
Apache Tomcat JSP Upload Bypass / Remote Code Execution
05.10.2017
xxlegend
High
phpCollab 2.5.1 Arbitrary File Upload
03.10.2017
Sysdream
High
Ingenious School Management System 2.3.0 Arbitrary File Upload
01.10.2017
Ihsan Sencan
High
iStock Management System 1.0 Arbitrary File Upload
01.10.2017
Ihsan Sencan
High
PhpCollab 2.5.1 Shell Upload
30.09.2017
SYSDREAM
Med.
UCOPIA Wireless Appliance Privilege Escalation
30.09.2017
SYSDREAM
High
AMC Master Arbitrary File Upload
28.09.2017
Ihsan Sencan
High
Claydip Airbnb Clone 1.0 Arbitrary File Upload
25.09.2017
Ihsan Sencan
High
DlxSpot Shell Upload
21.09.2017
Simon Brannstrom
Med.
Netdecision 5.8.2 Local Privilege Escalation
18.09.2017
Peter Baris
Med.
D-Link DIR8xx Router Firmware Upload
15.09.2017
embedi
High
Aerohive Networks HiveManager Remote Shell Upload
10.09.2017
Sandro Zaccarini
High
Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation
06.09.2017
Steven Seeley
Med.
Lotus Notes Diagnostic Tool 8.5 / 9.0 Privilege Escalation
05.09.2017
ParagonSec
Med.
TeraCopyService 3.1 Unquoted Service Path Privilege Escalation
05.09.2017
Rithwik Jayasimha
Med.
NethServer 7.3.1611 Upload.json CSRF Script Insertion
29.08.2017
Gjoko 'LiquidWorm' Krs...
Low
Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation
23.08.2017
Gjoko 'LiquidWorm' Krs...
High
Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution
23.08.2017
Gjoko 'LiquidWorm' Krs...
Med.
QNAPQsyncClientWindows 4.2.1.0602 Privilege Escalation
23.08.2017
Stefan Kanthak
High
DeWorkshop 1.0 - Arbitrary File Upload
20.08.2017
Ihsan Sencan
Med.
Xamarin Studio For Mac 6.2.1 (Build 3) / 6.3 (Build 863) Privilege Escalation
16.08.2017
Yorick Koster
Med.
Microsoft Windows 7 SP1 x86 GDI Palette Objects Local Privilege Escalation (MS17-017)
08.08.2017
Saif
Med.
VirtualBox 5.1.22 Windows Process DLL UNC Path Signature Bypass Privilege Escalation
04.08.2017
Google Security Resear...
Med.
VirtualBox 5.1.22 Windows Process DLL Signature Bypass Privilege Escalation
04.08.2017
Google Security Resear...
Med.
Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation
03.08.2017
Mark Wadham
High
Advantech SUSIAccess 3.0 File Upload
02.08.2017
james fitts
High
WordPress Logosware Suite Uploader 1.1.6 File Upload
01.08.2017
Anonymous
Med.
Hashicorp vagrant-vmware-fusion 4.0.20 Privilege Escalation
19.07.2017
Mark Wadham
High
DotCMS 4.1.1 Shell Upload
19.07.2017
M3@pandas
Med.
Microsoft Windows COM Session Moniker Privilege Escalation
14.07.2017
forshaw
Med.
Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation
14.07.2017
Gjoko 'LiquidWorm' Krs...
Med.
Schneider Electric Pelco VideoXpert Privilege Escalation
11.07.2017
Gjoko 'LiquidWorm' Krs...
Med.
Microsoft .NET Privilege Escalation
08.07.2017
Stefan Kanthak
High
ActiveMQ < 5.14.0 web shell upload
30.06.2017
Ian
High
KBVault MySQL 0.16a Arbitrary File Upload
16.06.2017
Fatih Emiral
Med.
Sudo get_process_ttyname() Privilege Escalation
16.06.2017
Qualys
High
Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation
16.06.2017
bee13oy
Med.
Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Disclosure
15.06.2017
insecurity
Med.
Net Monitor For Employees Pro Privilege Escalation
09.06.2017
Saeid Atabaki
High
Craft CMS 2.6 Cross Site Scripting / File Upload
08.06.2017
Ahsan Tahir
Med.
DC/OS Marathon UI Docker Privilege Escalation
07.06.2017
Erik
High
Perch CMS 3.0.3 Cross Site Scripting / File Upload
07.06.2017
Vulnerability Lab
Med.
BIND 9.10.5 Unquoted Service Path Privilege Escalation
06.06.2017
hyp3rlinx
Low
Joomla 3.x Proof Of Concept Shell Upload
01.06.2017
c
Med.
Acunetix Web Vulnerability Scanner 11 Privilege Escalation
31.05.2017
Florian Bogner
Low
Concrete5 Proof Of Concept Shell Upload
31.05.2017
c
Low
DokuWiki Proof Of Concept Shell Upload
31.05.2017
c
Med.
KDE 4/5 KAuth Privilege Escalation
24.05.2017
Sebastian Krahmer
High
InvoicePlane 1.4.10 File Upload / Cross Site Scripting
24.05.2017
Jasveer Singh
Med.
VMWare Workstation On Linux Privilege Escalation
23.05.2017
jannh
Med.
HP SimplePass 8.x Local Privilege Escalation
23.05.2017
Rehan Ahmed
High
BuilderEngine Arbitrary File Upload / Execution
17.05.2017
Marco Rivoli
High
Linux Kernel 3.x usb-midi Local Privilege Escalation
14.05.2017
Andrey Konovalov
Med.
Hola VPN 1.34 Privilege Escalation
04.05.2017
Vulnerability Lab
Med.
Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation
04.05.2017
Gjoko 'LiquidWorm' Krs...
High
Super File Explorer 1.0.1 Arbitrary File Upload
04.05.2017
Vulnerability Lab
Med.
Icecream 4.53 / Pro Privilege Escalation
04.05.2017
Vulnerability Lab
High
Easy File Uploader Remote Shell Upload
28.04.2017
Daniel Godoy
High
Simple File Uploader Arbitrary File Download
28.04.2017
Daniel Godoy
Med.
Portrait Display SDK Service Privilege Escalation
27.04.2017
W. Schober
Med.
Dell Customer Connect 1.3.28.0 Privilege Escalation
25.04.2017
Kacper Szurek
Med.
Microsoft Windows Dolby Audio X2 Service Privilege Escalation
25.04.2017
forshaw
Med.
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
25.04.2017
Hank Leininger and Mat...
Med.
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
25.04.2017
Hank Leininger and Mat...
High
October CMS 1.0.412 Code Execution / Shell Upload
21.04.2017
Anti RA$?is


CVEMAP Search Results

CVE
Details
Description
2017-12-05
Medium
CVE-2017-9709

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony.

 
Medium
CVE-2017-14895

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.

 
Medium
CVE-2017-14904

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer.

 
2017-11-30
Medium
CVE-2017-12342

Vendor: Cisco
Software: Nx-os
 

 
A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could exploit this vulnerability by crafting specific packets for communication on the device-internal network. A successful exploit could allow the attacker to run code on the underlying host operating system. OAC is not enabled by default. For a device to be vulnerable, an administrator would need to install and activate this feature. This vulnerability affects the following Cisco Nexus Series Switches: Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. Cisco Bug IDs: CSCve53542, CSCvf36621.

 
Medium
CVE-2017-12351

Vendor: Cisco
Software: Nx-os
 

 
A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka "Unauthorized Internal Interface Access." This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038.

 
Medium
CVE-2017-12363

Vendor: Cisco
Software: Webex meetin...
 

 
A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695.

 
2017-11-28
Medium
CVE-2017-17045

Vendor: XEN
Software: XEN
 

 
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.

 
2017-11-24
Medium
CVE-2016-10700

Vendor: Cacti
Software: Cacti
 

 
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.

 
Medium
CVE-2017-16933

Updating...
 

 
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.

 
Medium
CVE-2017-16935

Updating...
 

 
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.

 

 


Copyright 2017, cxsecurity.com

 

Back to Top