CWE:
 

Title
Date
Author
Med.
CentOS Control Web Panel 0.9.8.836 Privilege Escalation
17.07.2019
Pongtorn Angsuchotmete...
Low
ExpressVPN - Unquoted Service Path Privilege Escalation
14.07.2019
Iran Cyber Security Gr...
High
BKS EBK Ethernet-Buskoppler Pro Shell Upload
05.07.2019
Sebastian Auwaerter
Med.
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
01.07.2019
timwr
High
FortiCam FCM-MB40 Code Execution / Privilege Escalation
25.06.2019
XORcat
Med.
CentOS 7.6 ptrace_scope Privilege Escalation
21.06.2019
Marcelo Vazquez
High
Cisco Prime Infrastructure Runrshell Privilege Escalation
20.06.2019
sinn3r
Med.
Telus Actiontec T2200H Local Privilege Escalation
13.06.2019
Andrew Klaus
Med.
Telus Actiontec WEB6000Q Privilege Escalation
13.06.2019
Andrew Klaus
High
WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload
06.06.2019
KingSkrupellos
Med.
Serv-U FTP Server 15.1.6.25 Local Privilege Escalation
31.05.2019
Chris Moberly
Med.
Joomla 3.9.6 Com_Attachments Components 3.x Unauthorized File Insertion
27.05.2019
KingSkrupellos
Med.
Разработка сайта Artonica Russia Unauthorized File Insertion
23.05.2019
KingSkrupellos
Med.
Blue Prism Robotic Process Automation (RPA) Privilege Escalation
23.05.2019
Benjamin Hess
Med.
FreeBSD rtld execl() Privilege Escalation
22.05.2019
stealth
Med.
Schwabe Slovakia WebDesign Studio Nandu Unauthorized File Insertion
21.05.2019
KingSkrupellos
Med.
Ctecia ComputerTechnologies Experts Unauthorized File Insertion
21.05.2019
KingSkrupellos
Med.
ЯрНео Разработка сайтов Yarneo WebDesign Unauthorized File Insertion
21.05.2019
KingSkrupellos
Med.
Netvidade Portugal Unauthorized File Insertion
21.05.2019
KingSkrupellos
Med.
NSClient++ 0.5.2.35 Privilege Escalation
07.05.2019
bzyo
High
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
28.04.2019
Cisco Talos
Med.
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
28.04.2019
Cisco Talos
Med.
Apache 2.4.17 < 2.4.38 apache2ctl graceful logrotate Local Privilege Escalation
14.04.2019
Charles
High
Horde Form Shell Upload
11.04.2019
Ratiosec
Med.
CARPE (DIEM) Apache 2.4.x Local Privilege Escalation
09.04.2019
Charles FOL
High
WordPress 5.0.0 Crop-image Shell Upload (Metasploit)
06.04.2019
Wilfried Becard
High
WordPress 5.0.0 crop-image Shell Upload
05.04.2019
RIPSTECH Technology
High
Classified Ad Lister 2.0 Arbitrary File Upload
01.04.2019
Mehmet Emiroglu
Low
Institut VerpackungsMarktForschung GMBH Modules Arbitrary File Upload
28.03.2019
KingSkrupellos
Med.
exacqVision 9.8 Unquoted Service Path Privilege Escalation
21.03.2019
LiquidWorm
High
CSZ CMS 1.2.1 Arbitrary File Upload
21.03.2019
Mehmet Emiroglu
High
Webmin 1.900 Upload Authenticated Remote Command Execution
16.03.2019
Ozkan Mustafa Akkus
High
BMC Patrol Agent Privilege Escalation / Command Execution
16.03.2019
b0yd
High
FreeBSD Intel SYSRET Privilege Escalation
07.03.2019
Rafal Wojtczuk
Med.
WordPress wp-bs3-rad Themes Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress wp-bs3-rad Themes Unauthorized Insert File Vulnerability
06.03.2019
KingSkrupellos
Med.
WordPress HT-Poi Plugins 2.9 Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress ii-commerce Themes Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress nlh_omp-v1 Themes 1.0 Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress ii-commerce Themes Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress OneSocial-Child Themes Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress fuecaHome Plugins Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress OneSocial-Child Themes Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress WebFatorial-FoodNetwork Themes Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress ii-commerce Themes Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
WordPress WebFatorial-FoodNetwork Themes Unauthorized File Insertation
06.03.2019
KingSkrupellos
Med.
DongDuongCMS Vietnext Unauthorized File Insertation Vulnerability
04.03.2019
KingSkrupellos
Med.
Joomla ModPPCSimpleSpotLight Modules 1.2/3.0 CSRF Backdoor Access Vulnerability
04.03.2019
KingSkrupellos
Med.
WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download
27.02.2019
KingSkrupellos
High
HanYazilim Paper Submission System .NET 1.0 Shell Upload
25.02.2019
KingSkrupellos
Med.
Memu Play 6.0.7 Privilege Escalation
22.02.2019
Alejandra Sanchez
Med.
Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation
22.02.2019
Leandro Cuozzo
High
Webiness Inventory 2.3 ProductModel Arbitrary File Upload
21.02.2019
Mehmet EMIROGLU
High
Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload
20.02.2019
Dao Duy Hung
Med.
TinyMCE JBimages Plugin 3.x JustBoilMe Arbitrary File Upload Vulnerability
18.02.2019
KingSkrupellos
High
UniSharp Laravel File Manager 2.0.0-alpha7 Arbitrary File Upload
16.02.2019
Mohammad Danish
Med.
exacqVision ESM 5.12.2 Privilege Escalation
15.02.2019
bzyo
Med.
Joomla Jumi 3.0.5 Database Disclosure / SQL Injection
04.02.2019
KingSkrupellos
Med.
devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
04.02.2019
Stefan Petrushevski
Med.
SolarWinds Serv-U FTP 15.1.6 Privilege Escalation
02.02.2019
Chris Moberly
Med.
MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation
25.01.2019
D7X
Med.
AddressSanitizer (ASan) SUID Executable Privilege Escalation
24.01.2019
Brendan Coles
High
Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation
24.01.2019
Chris Lyne
Med.
ManageEngine OpManager 12.3 Privilege Escalation
22.01.2019
Humberto Cabrera
Med.
Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation
17.01.2019
Chris Anastasio
Med.
blueman set_dhcp_handler D-Bus Privilege Escalation
16.01.2019
The Grugq
High
Adobe Coldfusion 11 CKEditor Arbitrary File Upload
11.01.2019
Vahagn Vardanian
Med.
Wordpress Plugin UserPro < 4.9.21 User Registration Privilege Escalation
09.01.2019
Noman Riffat
Med.
KioWare Server 4.9.6 Privilege Escalation
08.01.2019
Hashim Jawad
High
Roxy Fileman 1.4.5 File Upload / Directory Traversal
08.01.2019
Pongtorn Angsuchotmete...
Med.
WordPress UserPro Privilege Escalation
08.01.2019
Noman Riffat
Med.
KioWare Server Version 4.9.6 Weak Folder Permissions Privilege Escalation
07.01.2019
Hashim Jawad
High
WordPress Baggage Freight Shipping Australia 0.1.0 Shell Upload
30.12.2018
Kaimi
High
WordPress Audio Record 1.0 Shell Upload
30.12.2018
Kaimi
High
bludit Pages Editor 3.0.0 Shell Upload
28.12.2018
BouSalman
High
ASUS Driver Privilege Escalation
23.12.2018
Core Security Technolo...
High
GIGABYTE Driver Privilege Escalation
23.12.2018
Core Security Technolo...
Med.
Juniper Secure Access SSL VPN Privilege Escalation
23.12.2018
Rafael Pedrero
High
Adobe ColdFusion 2018 Arbitrary File Upload
22.12.2018
Pete Freitag
Med.
WordPress Lumise 4.9 Database Disclosure
18.12.2018
KingSkrupellos
High
xorg-x11-server modulepath Local Privilege Escalation
03.12.2018
Marco Ivaldi
High
Joomla JCE 2.6.33 Arbitrary Insert File Vulnerability
02.12.2018
KingSkrupellos
High
Linux Nested User Namespace idmap Limit Local Privilege Escalation
29.11.2018
Brendan Coles
Med.
Mac OS X libxpc MITM Privilege Escalation
29.11.2018
saelo
High
Cisco WebEx Meetings Privilege Escalation
29.11.2018
Core Security Technolo...
Med.
Unitrends Enterprise Backup bpserverd Privilege Escalation
29.11.2018
h00die
Med.
WordPress Universal Post Manager 1.5.0 Database Disclosure
26.11.2018
KingSkrupellos
High
Xorg X11 Server SUID Privilege Escalation
26.11.2018
Narendra Shinde
Med.
Joomla MacGallery Database Disclosure
26.11.2018
KingSkrupellos
Med.
WordPress paid-memberships-pro Plugins 1.5.2 Database Backup Information Disclosure Vulnerability
23.11.2018
KingSkrupellos
Med.
Microsoft Windows DfMarshal Unsafe Unmarshaling Privilege Escalation
21.11.2018
Google Security Resear...
High
2-Plan Team 1.0.4 Arbitrary File Upload
21.11.2018
Ihsan Sencan
High
Helpdezk 1.1.1 Shell Upload
17.11.2018
Ihsan Sencan
High
2-Plan Team 1.0.4 Shell Upload
16.11.2018
Ihsan Sencan
High
Kordil EDMS 2.2.60rc3 Shell Upload
16.11.2018
Ihsan Sencan
High
Atlassian Jira Authenticated Upload Code Execution
14.11.2018
Alexander Gonzalez
High
Alive Parish 2.0.4 File Upload / SQL Injection
14.11.2018
Ihsan Sencan
Med.
SwitchVPN For MacOS 2.1012.03 Privilege Escalation
14.11.2018
Bernd Leitner
High
OCS Inventory NG ocsreports Shell Upload
14.11.2018
Simon Uvarov
High
Webiness Inventory 2.3 Cross Site Request Forgery / Shell Upload
14.11.2018
Ihsan Sencan


Common Weakness Enumeration (CWE)

CVE
Details
Description
2019-07-17
Medium
CVE-2019-11771

Vendor: Eclipse
Software: Openj9
 

 
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

 
High
CVE-2019-12876

Vendor: Zohocorp
Software: Manageengine...
 

 
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

 
2019-07-15
Medium
CVE-2019-1010023

Vendor: GNU
Software: Glibc
 

 
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd executes code.

 
Medium
CVE-2019-0880

Vendor: Microsoft
Software: Windows 10
 

 
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

 
Low
CVE-2019-0962

Vendor: Microsoft
Software: Azure automation
 

 
An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.

 
Medium
CVE-2019-0999

Vendor: Microsoft
Software: Windows 10
 

 
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

 
Medium
CVE-2019-1037

Vendor: Microsoft
Software: Windows 10
 

 
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

 
Medium
CVE-2019-1067

Vendor: Microsoft
Software: Windows 10
 

 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

 
Low
CVE-2019-1074

Vendor: Microsoft
Software: Windows 10
 

 
An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scenarios., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1082.

 
Medium
CVE-2019-1077

Vendor: Microsoft
Software: Visual studi...
 

 
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.

 

 


Copyright 2019, cxsecurity.com

 
