CWE:
 

Topic
Date
Author
Low
Gantt-Chart For Jira 5.5.3 Missing Privilege Check
04.08.2020
Sebastian Auwaerter
Med.
Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation
17.05.2020
Matthew Bergin
Med.
Ultimate Member 2.39 Unauthorized profile modification
18.06.2019
Clément Cruchet
Med.
WordPress Plugin WooCommerce GloBee (cryptocurrency) Payment Gateway 1.1.1 Payment Bypass / Unauthorized Order Status Spoofing
27.02.2019
GeekHack
Med.
Goozmo™ Systems v.1.0 Improper Privilege Management
29.01.2019
KingSkrupellos
Med.
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
04.05.2018
Core
Med.
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management
01.11.2017
Karn Ganeshen
Med.
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
25.04.2017
Hank Leininger and Mat...
Med.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
18.02.2017
Matt Bergin
Med.
phpMyAdmin 3.5.x/4.0.x privilege escalation
30.07.2013
SecuriTeam Secure Disc...
High
Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability
27.09.2012
X-Cisadane


CVEMAP Search Results

CVE
Details
Description
2021-02-26
Medium
CVE-2019-18945

Vendor: Microfocus
Software: Solutions bu...
 

 
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.

 
2021-02-24
High
CVE-2021-1388

Vendor: Cisco
Software: Aci multi-si...
 

 
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.

 
2021-02-23
Medium
CVE-2021-25630

Vendor: Collaboraoffice
Software: Online
 

 
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

 
Medium
CVE-2021-27579

Vendor: Snowsoftware
Software: Snow inventory
 

 
Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.

 
Medium
CVE-2021-26594

Vendor: Rangerstudio
Software: Directus
 

 
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

 
Medium
CVE-2021-26677

Updating...
 

 
A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges.

 
2021-02-19
Medium
CVE-2020-36246

Vendor: Amaze file manager project
Software: Amaze file m...
 

 
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.

 
Low
CVE-2020-36251

Vendor: Owncloud
Software: Owncloud
 

 
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.

 
Medium
CVE-2020-13549

Vendor: Sytech
Software: Xlreporter
 

 
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.

 
Medium
CVE-2020-27997

Vendor: Smartstore
Software: Smartstorenet
 

 
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).

 

 


Copyright 2021, cxsecurity.com

 

Back to Top