CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Разработка сайта Artonica Russia Unauthorized File Insertion | 23.05.2019 | KingSkrupellos |
| Med. | Blue Prism Robotic Process Automation (RPA) Privilege Escalation | 23.05.2019 | Benjamin Hess |
| Med. | FreeBSD rtld execl() Privilege Escalation | 22.05.2019 | stealth |
| Med. | Schwabe Slovakia WebDesign Studio Nandu Unauthorized File Insertion | 21.05.2019 | KingSkrupellos |
| Med. | Ctecia ComputerTechnologies Experts Unauthorized File Insertion | 21.05.2019 | KingSkrupellos |
| Med. | ЯрНео Разработка сайтов Yarneo WebDesign Unauthorized File Insertion | 21.05.2019 | KingSkrupellos |
| Med. | Netvidade Portugal Unauthorized File Insertion | 21.05.2019 | KingSkrupellos |
| Med. | NSClient++ 0.5.2.35 Privilege Escalation | 07.05.2019 | bzyo |
| High | Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution | 28.04.2019 | Cisco Talos |
| Med. | Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change | 28.04.2019 | Cisco Talos |
| Med. | Apache 2.4.17 < 2.4.38 apache2ctl graceful logrotate Local Privilege Escalation | 14.04.2019 | Charles |
| High | Horde Form Shell Upload | 11.04.2019 | Ratiosec |
| Med. | CARPE (DIEM) Apache 2.4.x Local Privilege Escalation | 09.04.2019 | Charles FOL |
| High | WordPress 5.0.0 Crop-image Shell Upload (Metasploit) | 06.04.2019 | Wilfried Becard |
| High | WordPress 5.0.0 crop-image Shell Upload | 05.04.2019 | RIPSTECH Technology |
| High | Classified Ad Lister 2.0 Arbitrary File Upload | 01.04.2019 | Mehmet Emiroglu |
| Low | Institut VerpackungsMarktForschung GMBH Modules Arbitrary File Upload | 28.03.2019 | KingSkrupellos |
| Med. | exacqVision 9.8 Unquoted Service Path Privilege Escalation | 21.03.2019 | LiquidWorm |
| High | CSZ CMS 1.2.1 Arbitrary File Upload | 21.03.2019 | Mehmet Emiroglu |
| High | Webmin 1.900 Upload Authenticated Remote Command Execution | 16.03.2019 | Ozkan Mustafa Akkus |
| High | BMC Patrol Agent Privilege Escalation / Command Execution | 16.03.2019 | b0yd |
| High | FreeBSD Intel SYSRET Privilege Escalation | 07.03.2019 | Rafal Wojtczuk |
| Med. | WordPress wp-bs3-rad Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress wp-bs3-rad Themes Unauthorized Insert File Vulnerability | 06.03.2019 | KingSkrupellos |
| Med. | WordPress HT-Poi Plugins 2.9 Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress ii-commerce Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress nlh_omp-v1 Themes 1.0 Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress ii-commerce Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress OneSocial-Child Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress fuecaHome Plugins Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress OneSocial-Child Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress WebFatorial-FoodNetwork Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress ii-commerce Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress WebFatorial-FoodNetwork Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | DongDuongCMS Vietnext Unauthorized File Insertation Vulnerability | 04.03.2019 | KingSkrupellos |
| Med. | Joomla ModPPCSimpleSpotLight Modules 1.2/3.0 CSRF Backdoor Access Vulnerability | 04.03.2019 | KingSkrupellos |
| Med. | WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download | 27.02.2019 | KingSkrupellos |
| High | HanYazilim Paper Submission System .NET 1.0 Shell Upload | 25.02.2019 | KingSkrupellos |
| Med. | Memu Play 6.0.7 Privilege Escalation | 22.02.2019 | Alejandra Sanchez |
| Med. | Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation | 22.02.2019 | Leandro Cuozzo |
| High | Webiness Inventory 2.3 ProductModel Arbitrary File Upload | 21.02.2019 | Mehmet EMIROGLU |
| High | Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload | 20.02.2019 | Dao Duy Hung |
| Med. | TinyMCE JBimages Plugin 3.x JustBoilMe Arbitrary File Upload Vulnerability | 18.02.2019 | KingSkrupellos |
| High | UniSharp Laravel File Manager 2.0.0-alpha7 Arbitrary File Upload | 16.02.2019 | Mohammad Danish |
| Med. | exacqVision ESM 5.12.2 Privilege Escalation | 15.02.2019 | bzyo |
| Med. | Joomla Jumi 3.0.5 Database Disclosure / SQL Injection | 04.02.2019 | KingSkrupellos |
| Med. | devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation | 04.02.2019 | Stefan Petrushevski |
| Med. | SolarWinds Serv-U FTP 15.1.6 Privilege Escalation | 02.02.2019 | Chris Moberly |
| Med. | MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation | 25.01.2019 | D7X |
| Med. | AddressSanitizer (ASan) SUID Executable Privilege Escalation | 24.01.2019 | Brendan Coles |
| High | Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation | 24.01.2019 | Chris Lyne |
| Med. | ManageEngine OpManager 12.3 Privilege Escalation | 22.01.2019 | Humberto Cabrera |
| Med. | Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation | 17.01.2019 | Chris Anastasio |
| Med. | blueman set_dhcp_handler D-Bus Privilege Escalation | 16.01.2019 | The Grugq |
| High | Adobe Coldfusion 11 CKEditor Arbitrary File Upload | 11.01.2019 | Vahagn Vardanian |
| Med. | Wordpress Plugin UserPro < 4.9.21 User Registration Privilege Escalation | 09.01.2019 | Noman Riffat |
| Med. | KioWare Server 4.9.6 Privilege Escalation | 08.01.2019 | Hashim Jawad |
| High | Roxy Fileman 1.4.5 File Upload / Directory Traversal | 08.01.2019 | Pongtorn Angsuchotmete... |
| Med. | WordPress UserPro Privilege Escalation | 08.01.2019 | Noman Riffat |
| Med. | KioWare Server Version 4.9.6 Weak Folder Permissions Privilege Escalation | 07.01.2019 | Hashim Jawad |
| High | WordPress Baggage Freight Shipping Australia 0.1.0 Shell Upload | 30.12.2018 | Kaimi |
| High | WordPress Audio Record 1.0 Shell Upload | 30.12.2018 | Kaimi |
| High | bludit Pages Editor 3.0.0 Shell Upload | 28.12.2018 | BouSalman |
| High | ASUS Driver Privilege Escalation | 23.12.2018 | Core Security Technolo... |
| High | GIGABYTE Driver Privilege Escalation | 23.12.2018 | Core Security Technolo... |
| Med. | Juniper Secure Access SSL VPN Privilege Escalation | 23.12.2018 | Rafael Pedrero |
| High | Adobe ColdFusion 2018 Arbitrary File Upload | 22.12.2018 | Pete Freitag |
| Med. | WordPress Lumise 4.9 Database Disclosure | 18.12.2018 | KingSkrupellos |
| High | xorg-x11-server modulepath Local Privilege Escalation | 03.12.2018 | Marco Ivaldi |
| High | Joomla JCE 2.6.33 Arbitrary Insert File Vulnerability | 02.12.2018 | KingSkrupellos |
| High | Linux Nested User Namespace idmap Limit Local Privilege Escalation | 29.11.2018 | Brendan Coles |
| Med. | Mac OS X libxpc MITM Privilege Escalation | 29.11.2018 | saelo |
| High | Cisco WebEx Meetings Privilege Escalation | 29.11.2018 | Core Security Technolo... |
| Med. | Unitrends Enterprise Backup bpserverd Privilege Escalation | 29.11.2018 | h00die |
| Med. | WordPress Universal Post Manager 1.5.0 Database Disclosure | 26.11.2018 | KingSkrupellos |
| High | Xorg X11 Server SUID Privilege Escalation | 26.11.2018 | Narendra Shinde |
| Med. | Joomla MacGallery Database Disclosure | 26.11.2018 | KingSkrupellos |
| Med. | WordPress paid-memberships-pro Plugins 1.5.2 Database Backup Information Disclosure Vulnerability | 23.11.2018 | KingSkrupellos |
| Med. | Microsoft Windows DfMarshal Unsafe Unmarshaling Privilege Escalation | 21.11.2018 | Google Security Resear... |
| High | 2-Plan Team 1.0.4 Arbitrary File Upload | 21.11.2018 | Ihsan Sencan |
| High | Helpdezk 1.1.1 Shell Upload | 17.11.2018 | Ihsan Sencan |
| High | 2-Plan Team 1.0.4 Shell Upload | 16.11.2018 | Ihsan Sencan |
| High | Kordil EDMS 2.2.60rc3 Shell Upload | 16.11.2018 | Ihsan Sencan |
| High | Atlassian Jira Authenticated Upload Code Execution | 14.11.2018 | Alexander Gonzalez |
| High | Alive Parish 2.0.4 File Upload / SQL Injection | 14.11.2018 | Ihsan Sencan |
| Med. | SwitchVPN For MacOS 2.1012.03 Privilege Escalation | 14.11.2018 | Bernd Leitner |
| High | OCS Inventory NG ocsreports Shell Upload | 14.11.2018 | Simon Uvarov |
| High | Webiness Inventory 2.3 Cross Site Request Forgery / Shell Upload | 14.11.2018 | Ihsan Sencan |
| Med. | Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability | 13.11.2018 | KingSkrupellos |
| Med. | Powered By Dimofinf CMS Version 4.0.0 Saudi-Arabia Government Unauthorized Arbitrary Insert File Vulnerability | 12.11.2018 | KingSkrupellos |
| Med. | Design and Developed by TechSparkIT Limited Bangladesh Education Unauthorized Insert File Vulnerability | 12.11.2018 | KingSkrupellos |
| Med. | Design & Develop by Mahamud Bangladesh Education Unauthorized Arbitrary Insert File Vulnerability | 12.11.2018 | KingSkrupellos |
| Med. | Microsoft Windows 10 Build 17134 Local Privilege Escalation | 09.11.2018 | Tenable Network Securi... |
| High | blueimps jQuery 9.22.0 (Arbitrary) File Upload (Metasploit) | 09.11.2018 | wvu |
| Med. | Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation | 07.11.2018 | Matthew Bergin |
| High | blueimp jQuery Arbitrary File Upload | 06.11.2018 | Larry W. Cashdollar |
| High | Poppy Web Interface Generator 0.8 Shell Upload | 06.11.2018 | Ihsan Sencan |
| Med. | LiquidVPN For macOS 1.3.7 Privilege Escalation | 03.11.2018 | Bernd Leitner |
| High | Asaancart Simple PHP Shopping Cart 0.9 Arbitrary File Upload / SQL Injection | 02.11.2018 | Ihsan Sencan |
| High | School Event Management System 1.0 Shell Upload | 30.10.2018 | Ihsan Sencan |


CVEMAP Search Results

2019-05-23

CVE-2019-4078 (Medium)
Vendor: IBM
Software: Websphere mq
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.

2019-05-22

CVE-2019-10132 (Medium)
Vendor: Redhat
Software: Libvirt
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

CVE-2019-11536 (High)
Vendor: Kalkitech
Software: Sync3000 fir...
Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser.

CVE-2019-5625 (Low)
Vendor: Eaton
Software: Halo home
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app.

CVE-2018-7842 (Medium)
Vendor: Schneider-electric
Software: Modicon m340...
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.

CVE-2019-6815 (Medium)
Vendor: Schneider-electric
Software: Modicon quan...
In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol.

2019-05-21

CVE-2019-12252 (Low)
Vendor: Zohocorp
Software: Manageengine...
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.

2019-05-17

CVE-2018-3701 (Medium)
Vendor: Intel
Software: Proset/wirel...
Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2019-0086 (Medium)
Vendor: Intel
Software: Converged se...
Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

CVE-2019-0098 (Medium)
Vendor: Intel
Software: Converged se...
Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

 

 


Copyright 2019, cxsecurity.com

 
