CWE:

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Low | PlayTube 3.0.1 Information Disclosure | 05.09.2023 | CraCkEr |
| High | HanYazilim Paper Submission System .NET 1.0 Shell Upload | 25.02.2019 | KingSkrupellos |
| Med. | HanYazilim Paper Submission System .NET v1.0 Privilege Escalation / Backdoor Access | 22.02.2019 | KingSkrupellos |
| Low | Calamp.com Incorrect Privilege Assignment | 15.05.2018 | Vangelis Stykas |

CVEMAP Search Results

| Date | CVE | Risk | Vendor | Software | Description |
|------|-----|------|--------|----------|-------------|
| 2023-09-13 | CVE-2023-4153 | | | | The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user. |
| 2023-07-25 | CVE-2023-39173 | | | | In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access |
| 2023-04-12 | CVE-2023-1874 | | | | The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site. |
| 2022-08-05 | CVE-2022-2626 | | | | Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. |
| 2022-04-04 | CVE-2022-1225 | Low | Phpipam | Phpipam | Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. |
| 2021-05-26 | CVE-2020-10695 | Medium | Redhat | Single sign-on | An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges. |
| 2021-04-19 | CVE-2021-20208 | | | | A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. |
| 2021-03-24 | CVE-2019-19353 | Medium | Redhat | Openshift co... | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| 2021-03-24 | CVE-2019-19352 | Medium | Redhat | Openshift co... | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| 2021-03-24 | CVE-2019-19350 | Medium | Redhat | Openshift | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |

Copyright 2023, cxsecurity.com