Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
Razer Synapse Race Condition / DLL Hijacking
18.09.2023
Dr. Oliver Schwarz
Low
Gantt-Chart For Jira 5.5.3 Missing Privilege Check
04.08.2020
Sebastian Auwaerter
Med.
Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation
17.05.2020
Matthew Bergin
Med.
Ultimate Member 2.39 Unauthorized profile modification
18.06.2019
Clément Cruchet
Med.
WordPress Plugin WooCommerce GloBee (cryptocurrency) Payment Gateway 1.1.1 Payment Bypass / Unauthorized Order Status Spoofing
27.02.2019
GeekHack
Med.
Goozmo™ Systems v.1.0 Improper Privilege Management
29.01.2019
KingSkrupellos
Med.
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
04.05.2018
Core
Med.
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management
01.11.2017
Karn Ganeshen
Med.
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
25.04.2017
Hank Leininger and Mat...
Med.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
18.02.2017
Matt Bergin
Med.
phpMyAdmin 3.5.x/4.0.x privilege escalation
30.07.2013
SecuriTeam Secure Disc...
High
Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability
27.09.2012
X-Cisadane
CVEMAP Search Results
CVE
Details
Description
2023-09-28
CVE-2023-43664
Updating...
PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
CVE-2023-43663
Updating...
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
2023-09-27
CVE-2023-41326
Updating...
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with stealing its account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVE-2023-41324
Updating...
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVE-2023-33972
Updating...
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.
2023-09-14
CVE-2023-4972
Updating...
Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects .
2023-09-13
CVE-2023-4701
Updating...
A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system.
2023-09-11
CVE-2023-4278
Updating...
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
2023-09-06
CVE-2023-41053
Updating...
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2023-09-01
CVE-2023-4697
Updating...
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
Copyright
2023
, cxsecurity.com
Back to Top
