CWE:
 

Topic
Date
Author
Med.
Opentext Documentum Content Server File Hijack / Privilege Escalation
15.10.2017
Andrey B. Panfilov
High
Opentext Documentum Content Server Privilege Escalation
15.10.2017
Andrey B. Panfilov
High
Tomcat JSP Upload Bypass Remote Code Execution
12.10.2017
peewpw
High
Apache Tomcat Upload Bypass / Remote Code Execution
11.10.2017
intx0x80
Med.
Unitrends UEB 9.1 Privilege Escalation
06.10.2017
Multiple
High
Apache Tomcat JSP Upload Bypass / Remote Code Execution
05.10.2017
xxlegend
High
phpCollab 2.5.1 Arbitrary File Upload
03.10.2017
Sysdream
High
Ingenious School Management System 2.3.0 Arbitrary File Upload
01.10.2017
Ihsan Sencan
High
iStock Management System 1.0 Arbitrary File Upload
01.10.2017
Ihsan Sencan
High
PhpCollab 2.5.1 Shell Upload
30.09.2017
SYSDREAM
Med.
UCOPIA Wireless Appliance Privilege Escalation
30.09.2017
SYSDREAM
High
AMC Master Arbitrary File Upload
28.09.2017
Ihsan Sencan
High
Claydip Airbnb Clone 1.0 Arbitrary File Upload
25.09.2017
Ihsan Sencan
High
DlxSpot Shell Upload
21.09.2017
Simon Brannstrom
Med.
Netdecision 5.8.2 Local Privilege Escalation
18.09.2017
Peter Baris
Med.
D-Link DIR8xx Router Firmware Upload
15.09.2017
embedi
High
Aerohive Networks HiveManager Remote Shell Upload
10.09.2017
Sandro Zaccarini
High
Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation
06.09.2017
Steven Seeley
Med.
Lotus Notes Diagnostic Tool 8.5 / 9.0 Privilege Escalation
05.09.2017
ParagonSec
Med.
TeraCopyService 3.1 Unquoted Service Path Privilege Escalation
05.09.2017
Rithwik Jayasimha
Med.
NethServer 7.3.1611 Upload.json CSRF Script Insertion
29.08.2017
Gjoko 'LiquidWorm' Krs...
Low
Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation
23.08.2017
Gjoko 'LiquidWorm' Krs...
High
Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution
23.08.2017
Gjoko 'LiquidWorm' Krs...
Med.
QNAPQsyncClientWindows 4.2.1.0602 Privilege Escalation
23.08.2017
Stefan Kanthak
High
DeWorkshop 1.0 - Arbitrary File Upload
20.08.2017
Ihsan Sencan
Med.
Xamarin Studio For Mac 6.2.1 (Build 3) / 6.3 (Build 863) Privilege Escalation
16.08.2017
Yorick Koster
Med.
Microsoft Windows 7 SP1 x86 GDI Palette Objects Local Privilege Escalation (MS17-017)
08.08.2017
Saif
Med.
VirtualBox 5.1.22 Windows Process DLL UNC Path Signature Bypass Privilege Escalation
04.08.2017
Google Security Resear...
Med.
VirtualBox 5.1.22 Windows Process DLL Signature Bypass Privilege Escalation
04.08.2017
Google Security Resear...
Med.
Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation
03.08.2017
Mark Wadham
High
Advantech SUSIAccess 3.0 File Upload
02.08.2017
james fitts
High
WordPress Logosware Suite Uploader 1.1.6 File Upload
01.08.2017
Anonymous
Med.
Hashicorp vagrant-vmware-fusion 4.0.20 Privilege Escalation
19.07.2017
Mark Wadham
High
DotCMS 4.1.1 Shell Upload
19.07.2017
M3@pandas
Med.
Microsoft Windows COM Session Moniker Privilege Escalation
14.07.2017
forshaw
Med.
Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation
14.07.2017
Gjoko 'LiquidWorm' Krs...
Med.
Schneider Electric Pelco VideoXpert Privilege Escalation
11.07.2017
Gjoko 'LiquidWorm' Krs...
Med.
Microsoft .NET Privilege Escalation
08.07.2017
Stefan Kanthak
High
ActiveMQ < 5.14.0 web shell upload
30.06.2017
Ian
High
KBVault MySQL 0.16a Arbitrary File Upload
16.06.2017
Fatih Emiral
Med.
Sudo get_process_ttyname() Privilege Escalation
16.06.2017
Qualys
High
Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation
16.06.2017
bee13oy
Med.
Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Disclosure
15.06.2017
insecurity
Med.
Net Monitor For Employees Pro Privilege Escalation
09.06.2017
Saeid Atabaki
High
Craft CMS 2.6 Cross Site Scripting / File Upload
08.06.2017
Ahsan Tahir
Med.
DC/OS Marathon UI Docker Privilege Escalation
07.06.2017
Erik
High
Perch CMS 3.0.3 Cross Site Scripting / File Upload
07.06.2017
Vulnerability Lab
Med.
BIND 9.10.5 Unquoted Service Path Privilege Escalation
06.06.2017
hyp3rlinx
Low
Joomla 3.x Proof Of Concept Shell Upload
01.06.2017
c
Med.
Acunetix Web Vulnerability Scanner 11 Privilege Escalation
31.05.2017
Florian Bogner
Low
Concrete5 Proof Of Concept Shell Upload
31.05.2017
c
Low
DokuWiki Proof Of Concept Shell Upload
31.05.2017
c
Med.
KDE 4/5 KAuth Privilege Escalation
24.05.2017
Sebastian Krahmer
High
InvoicePlane 1.4.10 File Upload / Cross Site Scripting
24.05.2017
Jasveer Singh
Med.
VMWare Workstation On Linux Privilege Escalation
23.05.2017
jannh
Med.
HP SimplePass 8.x Local Privilege Escalation
23.05.2017
Rehan Ahmed
High
BuilderEngine Arbitrary File Upload / Execution
17.05.2017
Marco Rivoli
High
Linux Kernel 3.x usb-midi Local Privilege Escalation
14.05.2017
Andrey Konovalov
Med.
Hola VPN 1.34 Privilege Escalation
04.05.2017
Vulnerability Lab
Med.
Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation
04.05.2017
Gjoko 'LiquidWorm' Krs...
High
Super File Explorer 1.0.1 Arbitrary File Upload
04.05.2017
Vulnerability Lab
Med.
Icecream 4.53 / Pro Privilege Escalation
04.05.2017
Vulnerability Lab
High
Easy File Uploader Remote Shell Upload
28.04.2017
Daniel Godoy
High
Simple File Uploader Arbitrary File Download
28.04.2017
Daniel Godoy
Med.
Portrait Display SDK Service Privilege Escalation
27.04.2017
W. Schober
Med.
Dell Customer Connect 1.3.28.0 Privilege Escalation
25.04.2017
Kacper Szurek
Med.
Microsoft Windows Dolby Audio X2 Service Privilege Escalation
25.04.2017
forshaw
Med.
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
25.04.2017
Hank Leininger and Mat...
Med.
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
25.04.2017
Hank Leininger and Mat...
High
October CMS 1.0.412 Code Execution / Shell Upload
21.04.2017
Anti Räis
High
Trend Micro TDA 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
20.04.2017
Steven Seeley
High
Trend Micro TDA 2.6.1062r1 hotfix_upload.cgi Remote Code Execution
20.04.2017
Steven Seeley
Med.
VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation
19.04.2017
jannh
Med.
Microsoft Windows taskschd.msc Privilege Escalation
19.04.2017
Todor Donev
Med.
TOVA 8 Unquoted Service Path Privilege Escalation
18.04.2017
Rithwik Jayasimha
Med.
Linux Kernel 4.8.0 udev 232 Privilege Escalation
15.04.2017
Nassim Asrir
Med.
GNS3 Mac OS-X 1.5.2 ubridge Privilege Escalation
14.04.2017
Hacker Fantastic
Med.
PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation
14.04.2017
Hacker Fantastic
Med.
Solaris x86 / SPARC EXTREMEPARR dtappgather Privilege Escalation
13.04.2017
Hacker Fantastic
High
Proxifier 2.18 Privilege Escalation / Code Execution
12.04.2017
Mark Wadham
High
Nuxeo Platform 6.x / 7.x Shell Upload
24.03.2017
SYSDREAM Labs
High
Solar-Log CSRF / Information Disclosure / DoS / File Upload
22.03.2017
T. Weber
Med.
DIGISOL DG-HR1400 1.00.02 Privilege Escalation
21.03.2017
Indrajith.A.N
Med.
WordPress Multiple Plugin File Upload
21.03.2017
Munir Njirun
High
b2evolution 6.8.8 Shell Upload
15.03.2017
@rungga_reksya, @dvnrc...
High
Global In Shell Upload
13.03.2017
Ihsan Sencan
Med.
Fiyo CMS 2.0.6.1 Privilege Escalation
12.03.2017
@rungga_reksya, @dvnrc...
Med.
USBPcap 1.1.0.0 Privilege Escalation
11.03.2017
Parvez Anwar
High
iBaseCMS 1.23 SQL Injection / File Upload
09.03.2017
Bilal KARDADOU
High
Western Digital My Cloud Command Injection / File Upload
08.03.2017
Wan Ikram
Med.
CyberGhost 6.0.4.2205 Privilege Escalation
07.03.2017
Kacper Szurek
High
Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation
23.02.2017
hantwister
Med.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
18.02.2017
Matt Bergin
Med.
ShadeYouVPN.com Client For Windows 2.0.1.11 Privilege Escalation
15.02.2017
Kacper Szurek
Med.
Piwik Superuser Plugin Upload
14.02.2017
FireFart
High
Easy File Uploader 1.2 Arbitrary File Download
09.02.2017
Ihsan Sencan
High
MySQL File Uploader 1.0 SQL Injection
09.02.2017
Ihsan Sencan
Med.
WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation
02.02.2017
dustyfresh
Med.
Viscosity For Windows 1.6.7 Privilege Escalation
01.02.2017
Kacper Szurek
Med.
Polycom VVX Web Interface Privilege Escalation
27.01.2017
Mike Brown


CVEMAP Search Results

CVE
Details
Description
2015-02-22
Low
CVE-2014-7922

Vendor: Google
Software: Play service...
 

 
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument.

 
2015-02-19
Medium
CVE-2015-1515

Vendor: Softsphere
Software: Defensewall ...
 

 
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.

 
2015-02-18
Medium
CVE-2014-5286

Vendor: Tibco
Software: Activematrix...
 

 
The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors.

 
2015-02-17
Medium
CVE-2015-1356

Vendor: Siemens
Software: Simatic step 7
 

 
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.

 
2015-02-16
Medium
CVE-2015-1496

Vendor: Motorola
Software: Motorola sca...
 

 
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.

 
2015-02-12
Low
CVE-2014-6139

Vendor: IBM
Software: Business pro...
 

 
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.

 
2015-02-06
High
CVE-2014-9353

Vendor: Netapp
Software: Oncommand ba...
 

 
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.

 
Medium
CVE-2014-9632

Vendor: AVG
Software: Internet sec...
 

 
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.

 
Medium
CVE-2014-9641

Vendor: Trendmicro
Software: Tmeext.sys
 

 
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.

 
Medium
CVE-2014-9642

Vendor: Bullguard
Software: Bdagent.sys
 

 
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call.

 

 


Copyright 2017, cxsecurity.com