CWE:
 

Title
Date
Author
High
Native Church Website 1.0 Shell Upload
13.04.2021
Richard Jones
High
Composr 10.0.36 Shell Upload
08.04.2021
Orion Hridoy
Med.
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
02.04.2021
LiquidWorm
High
ScadaBR 1.0 Arbitrary File Upload Authenticated
01.04.2021
Fellipe Oliveira
High
FortiLogger Arbitrary File Upload
27.03.2021
Berkan Er
High
Development Kamel KCFinder 1.7 Shell Upload
26.03.2021
Rayan Ali
Med.
Intel RST User Interface / Driver Privilege Escalation
24.03.2021
Stefan Kanthak
High
CMS Made Simple 2.2.15 Shell Upload
22.03.2021
Riccardo Krauter
High
rConfig 3.9.6 Shell Upload
18.03.2021
Murat Seker
High
VestaCP 0.9.8 File Upload CSRF
17.03.2021
Fady Othman
High
SonLogger 4.2.3.3 Shell Upload
16.03.2021
Berkan Er
High
Alphaware E-Commerce System 1.0 Shell Upload / SQL Injection
16.03.2021
Christian Vierschillin...
High
Monitoring System (Dashboard) 1.0 Shell Upload
13.03.2021
Richard Jones
Med.
NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation
11.03.2021
LiquidWorm
Med.
Microsoft Windows Containers Privilege Escalation
10.03.2021
James Forshaw
High
FortiLogger 4.4.2.2 Unauthenticated Arbitrary File Upload (Metasploit)
09.03.2021
Berkan Er
High
VMware vCenter Server File Upload / Remote Code Execution
08.03.2021
mr_me
High
Hotel And Lodge Management System 1.0 Shell Upload
08.03.2021
Christian Vierschillin...
High
FortiLogger 4.4.2.2 Arbitrary File Upload
01.03.2021
Berkan Er
High
VMware vCenter Server 7.0 Unauthenticated File Upload
01.03.2021
Photubias
High
Zenphoto CMS 1.5.7 Shell Upload
28.02.2021
Abdulaziz Almisfer
High
Simple Employee Records System 1.0 Shell Upload
28.02.2021
sML
High
Simple Employee Records System 1.0 File Upload RCE (Unauthenticated)
26.02.2021
sml@lacashita.com
Med.
Millewin 13.39.146.1 Local Privilege Escalation
21.02.2021
Andrea Intilangelo
Med.
Apport 2.20 Privilege Escalation
18.02.2021
Gr33nh4t
High
TestLink 1.9.20 Shell Upload
15.02.2021
snovvcrash
Med.
Solaris 10 1/13 (Intel) dtprintinfo Local Privilege Escalation (2)
14.02.2021
Marco Ivaldi
High
Discord Probot Arbitrary File Upload
09.02.2021
thelastvvv
Med.
Solaris 10 1/13 (SPARC) dtprintinfo Local Privilege Escalation
03.02.2021
Marco Ivaldi
High
Voting System 1.0 Shell Upload
20.01.2021
Richard Jones
High
Church Rota 2.6.4 Shell Upload
20.01.2021
Rob McCarthy
High
Life Insurance Management System 1.0 Shell Upload
18.01.2021
Aitor Herrero
High
E-Learning System 1.0 SQL Injection / Shell Upload
15.01.2021
Saurav Shukla
Med.
FiberHome HG6245D Disclosure / Bypass / Privilege Escalation / DoS
14.01.2021
Pierre Kim
Med.
Cloud Filter Arbitrary File Creation / Privilege Escalation
13.01.2021
Grant Willcox
Med.
SmartAgent 3.1.0 Privilege Escalation
13.01.2021
Orion Hridoy
High
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
13.01.2021
h00die
High
WordPress wpDiscuz 7.0.4 Shell Upload
10.01.2021
Hoa Nguyen
High
WordPress Plugin Autoptimize 2.7.6 Authenticated Arbitrary File Upload (Metasploit)
10.01.2021
Hoa Nguyen
High
Employee Record System 1.0 Shell Upload
09.01.2021
Saeed Bala Ahmed
High
WordPress Autoptimize Shell Upload
08.01.2021
Hoa Nguyen
Med.
PaperStream IP (TWAIN) 1.42.0.5685 Local Privilege Escalation
07.01.2021
1F98D
High
Rock RMS File Upload / Account Takeover / Information Disclosure
04.01.2021
Cyber Security Researc...
High
Resumes Management And Job Application Website 1.0 Shell Upload
04.01.2021
Arnav Tripathy
High
WordPress Adning Advertising 1.5.5 Shell Upload
25.12.2020
spacehen
Med.
SUPREMO 4.1.3.2348 Privilege Escalation
23.12.2020
Victor Gil
Med.
Android Studio Privilege Escalation
23.12.2020
houjingyi
High
Microsoft Windows DrawIconEx Local Privilege Escalation
16.12.2020
timwr
High
Alumni Management System 1.0 Shell Upload
15.12.2020
Valerio Alessandroni
Med.
Macally WIFISD2-2A82 2.000.010 Privilege Escalation
15.12.2020
Maximilian Barz
Med.
Macally WIFISD2-2A82 2.000.010 Guest to Root Privilege Escalation
14.12.2020
Maximilian Barz and Da...
High
FlexDotnetCMS 1.5.8 Arbitrary ASP File Upload
10.12.2020
Erik Wynter
High
Task Management System 1.0 Shell Upload
09.12.2020
Saeed Bala Ahmed
High
eClass LMS 2.6 Shell Upload
02.12.2020
Sohel Yousef
High
Moodle 3.8 Arbitary File Upload
30.11.2020
Sirwan Veisi
Med.
ZTE Blade Vantage Z839 Emode.APKdroid.uid.system Privilege Escalation
29.11.2020
Hacker Fantastic
High
WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload
22.11.2020
Jonathan Gregson
Med.
M/Monit 3.7.4 Privilege Escalation
22.11.2020
Dolev Farhi
High
Complaint Management System 1.0 Shell Upload
19.11.2020
Mohamed Elobeid
High
Artworks Gallery 1.0 Shell Upload
17.11.2020
Shahrukh Iqbal Mirza
Med.
Cisco 7937G DoS/Privilege Escalation
16.11.2020
Cody Martin
High
HorizontCMS 1.0.0-beta Shell Upload
13.11.2020
Erik Wynter
High
WordPress Plugin Simple File List 5.4 Arbitrary File Upload
05.11.2020
coiffeur
Med.
iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation
05.11.2020
LiquidWorm
High
Apache Flink 1.9.x Shell Upload
02.11.2020
bigger.wing
High
Apache Flink 1.9.x File Upload RCE (Unauthenticated)
02.11.2020
bigger.wing
High
WordPress Simple File List 5.4 Shell Upload
02.11.2020
H4rk3nz0
High
Blueman Local Root / Privilege Escalation
29.10.2020
Vaisha Bernard
High
Sentrifugo 3.2 Shell Upload / Restriction Bypass
27.10.2020
Gurkirat Singh
High
Online Library Management System 1.0 Arbitrary File Upload
23.10.2020
Jyotsna Adhana
High
WordPress HS Brand Logo Slider 2.1 Shell Upload
22.10.2020
Net-Hunter
High
GOautodial 4.0 Shell Upload
22.10.2020
Balzabu
High
Linux / Unix su Privilege Escalation
21.10.2020
Gavin Youker
Med.
aaPanel 6.6.6 Privilege Escalation
16.10.2020
Unsal Furkan Harani
High
Microsoft Windows Uninitialized Variable Local Privilege Escalation
15.10.2020
timwr
High
Sage DPW 2020_06_000 / 2020_06_001 XSS / File Upload
13.10.2020
Gerhard Hechenberger
High
openMAINT 1.1-2.4.2 Arbitrary File Upload
09.10.2020
mrb3n
Med.
Checkmk 1.6.0p16 Local Privilege Escalation
03.10.2020
Thierry Viaccoz
High
Cisco AnyConnect Privilege Escalation
30.09.2020
Yorick Koster
Med.
MSI Ambient Link Driver 1.0.0.8 Privilege Escalation
29.09.2020
Matteo Malvica
High
Seat Reservation System 1.0 Shell Upload
23.09.2020
Rahul Ramkumar
High
Hyland OnBase Arbitrary File Upload
14.09.2020
Adaptive Security Cons...
High
macOS cfprefsd Arbitrary File Write / Local Privilege Escalation
08.09.2020
timwr
Med.
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
08.09.2020
Angelo D'Amato
High
Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload
08.09.2020
thelastvvv
High
SiteMagic CMS 4.4.2 Shell Upload
05.09.2020
V1n1v131r4
Med.
SUPERAntiSpyware Professional X Trial Privilege Escalation
28.08.2020
b1nary
High
WordPress Autoptimize 2.7.6 Shell Upload
28.08.2020
SunCSR
Med.
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover
22.08.2020
LiquidWorm
Med.
BarracudaDrive 6.5 Local Privilege Escalation
11.08.2020
Bobby Cooke
High
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
01.08.2020
Brendan Coles
High
Online Bike Rental 1.0 Shell Upload
01.08.2020
hyd3sec
High
Koken CMS 0.22.24 Arbitrary File Upload (Authenticated)
31.07.2020
v1n1v131r4
High
Calavera UpLoader 3.5 FTP Logi Denial of Service (PoC + SEH Overwrite)
27.07.2020
Felipe Winsnes
Med.
SteelCentral Aternity Agent 11.0.0.120 Privilege Escalation
25.07.2020
Eneko Cruz Elejalde
High
WonderCMS 3.1.0 XSS / Directory Traversal / File Upload
18.07.2020
Calvin Phang
High
Webtareas 2.1 / 2.1p File Upload / Information Disclosure
12.07.2020
AppleBois
Med.
Rittal Products Bypass / Command Injection / Privilege Escalation
12.07.2020
Johannes Kruchem
High
Online Student Enrollment System 1.0 Shell Upload
26.06.2020
BKpatron
Med.
Cisco AnyConnect Path Traversal / Privilege Escalation
25.06.2020
Yorick Koster


Common Weakness Enumeration (CWE)

CVE
Details
Description
2019-09-08
Low
CVE-2019-16097

 

 
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed versions: v1.7.6, v1.8.3, v1.9.0. Workaround without applying the fix: configure Harbor to use a non-DB authentication backend such as LDAP.

 
High
CVE-2019-16103

Vendor: Silver-peak
Software: Unity edgeco...
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

 
2019-09-06
Medium
CVE-2018-6240

Vendor: Google
Software: Android
 

 
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel-level privileges can write an arbitrary value to an arbitrary physical address.

 
Medium
CVE-2019-14813

Vendor: Artifex
Software: Ghostscript
 

 
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

 
Medium
CVE-2019-2182

Vendor: Google
Software: Android
 

 
In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
Medium
CVE-2019-9345

Vendor: Google
Software: Android
 

 
In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

 
Medium
CVE-2019-9436

Vendor: Google
Software: Android
 

 
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

 
2019-09-05
Medium
CVE-2019-15953

Vendor: Totaljs
Software: Total.js cms
 

 
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation.

 
Medium
CVE-2019-2123

Vendor: Google
Software: Android
 

 
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
2019-09-04
Medium
CVE-2019-10709

Vendor: ASUS
Software: Precision to...
 

 
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.

 

 


Copyright 2021, cxsecurity.com

 
