Show CWE-269: Improper Privilege Management - CXSecurity.com

	Topic	Date	Author
Med.	Razer Synapse Race Condition / DLL Hijacking	18.09.2023	Dr. Oliver Schwarz
Low	Gantt-Chart For Jira 5.5.3 Missing Privilege Check	04.08.2020	Sebastian Auwaerter
Med.	Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation	17.05.2020	Matthew Bergin
Med.	Ultimate Member 2.39 Unauthorized profile modification	18.06.2019	Clément Cruchet
Med.	WordPress Plugin WooCommerce GloBee (cryptocurrency) Payment Gateway 1.1.1 Payment Bypass / Unauthorized Order Status Spoofing	27.02.2019	GeekHack
Med.	Goozmo™ Systems v.1.0 Improper Privilege Management	29.01.2019	KingSkrupellos
Med.	TP-Link EAP Controller CSRF / Hard-Coded Key / XSS	04.05.2018	Core
Med.	SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management	01.11.2017	Karn Ganeshen
Med.	Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation	25.04.2017	Hank Leininger and Mat...
Med.	Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation	18.02.2017	Matt Bergin
Med.	phpMyAdmin 3.5.x/4.0.x privilege escalation	30.07.2013	SecuriTeam Secure Disc...
High	Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability	27.09.2012	X-Cisadane

CVEMAP Search Results

CVE

Details

Description

2024-07-23

	CVE-2024-1575	Updating...	The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
	CVE-2020-11640	Updating...	AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

2024-07-22

Waiting for details

CVE-2024-34457

Updating...

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4

2024-07-18

Waiting for details

CVE-2024-30473

Updating...

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.

2024-07-12

	CVE-2024-37927	Updating...	Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through 4.7.0.
	CVE-2024-37560	Updating...	Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.

2024-07-09

	CVE-2024-37455	Updating...	Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.
	CVE-2024-37952	Updating...	Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17.

2024-07-08

Waiting for details

CVE-2024-4341

Updating...

Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928.

2024-07-02

Waiting for details

CVE-2024-37126

Updating...

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.

Copyright 2024, cxsecurity.com