CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Ultimate Member 2.39 Unauthorized profile modification | 18.06.2019 | Clément Cruchet |
| Med. | WordPress Plugin WooCommerce GloBee (cryptocurrency) Payment Gateway 1.1.1 Payment Bypass / Unauthorized Order Status Spoofing | 27.02.2019 | GeekHack |
| Med. | Goozmo™ Systems v.1.0 Improper Privilege Management | 29.01.2019 | KingSkrupellos |
| Med. | TP-Link EAP Controller CSRF / Hard-Coded Key / XSS | 04.05.2018 | Core |
| Med. | SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management | 01.11.2017 | Karn Ganeshen |
| Med. | Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation | 25.04.2017 | Hank Leininger and Mat... |
| Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation | 18.02.2017 | Matt Bergin |
| Med. | phpMyAdmin 3.5.x/4.0.x privilege escalation | 30.07.2013 | SecuriTeam Secure Disc... |
| High | Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability | 27.09.2012 | X-Cisadane |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|------|------|-----|---------|-------------|
| 2019-09-20 | Medium | CVE-2016-11004 | | The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. |
| 2019-09-20 | Medium | CVE-2016-11003 | | The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. |
| 2019-09-20 | Medium | CVE-2016-11002 | | The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. |
| 2019-09-20 | Low | CVE-2016-11011 | | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. |
| 2019-09-19 | High | CVE-2019-3689 | Vendor: Linux-nfs; Software: Nfs-utils | The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system if fs.protected_symlinks is not set. |
| 2019-09-16 | Medium | CVE-2019-11166 | Vendor: Intel; Software: Easy streami... | Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. |
| 2019-09-16 | Medium | CVE-2016-10971 | Vendor: Membersonic; Software: Membersonic | The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required. |
| 2019-09-16 | Medium | CVE-2016-10972 | Vendor: Tagdiv; Software: Newspaper | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. |
| 2019-09-16 | Medium | CVE-2019-15741 | | An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation. |
| 2019-09-16 | Medium | CVE-2016-10968 | Vendor: Peepso; Software: Peepso | The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. |
 

 


Copyright 2019, cxsecurity.com

 
