CWE:
 

Title
Date
Author
High
WordPress Download From Files 1.48 Shell Upload
18.09.2021
spacehen
High
Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload
17.09.2021
Ricardo Jose Ruiz Fern...
High
AlphaWeb XE File Upload Remote Code Execution (Authenticated)
15.09.2021
Ricardo Ruiz (@ricardo...
High
Patient Appointment Scheduler System 1.0 Shell Upload
08.09.2021
a-rey
Med.
Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation
01.09.2021
Grant Willcox
High
Online Leave Management System 1.0 Shell Upload
25.08.2021
Justin White
High
Simple Water Refilling Station Management System 1.0 Remote Code Execution (RCE) through File Upload
20.08.2021
Matt Sorrell
Med.
Lexmark Driver Privilege Escalation
12.08.2021
Jacob Baines
Med.
Canon TR150 Driver 3.71.2.10 Privilege Escalation
11.08.2021
Jacob Baines
Med.
Amica Prodigy 1.7 Privilege Escalation
07.08.2021
Andrea Intilangelo
High
GFI Mail Archiver 15.1 Telerik UI Component Arbitrary File Upload (Unauthenticated)
06.08.2021
Amin Bohio
High
GFI Mail Archiver 15.1 Arbitrary File Upload
06.08.2021
Paul Taylor
High
Hotel Management System 1.0 Cross Site Scripting / Shell Upload
03.08.2021
Merbin Russel
Med.
Pi-Hole Remove Commands Linux Privilege Escalation
01.08.2021
h00die
Med.
PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection
28.07.2021
Faisal Alhadlaq
High
Event Registration System With QR Code 1.0 Shell Upload
28.07.2021
Javier Olmedo
Med.
Linux Kernel 2.6.19 < 5.9 Netfilter Local Privilege Escalation
23.07.2021
Nguyen
Med.
Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization
21.07.2021
Pierre Kim
High
WordPress Popular Posts 5.3.2 Shell Upload
15.07.2021
Simone Cristofaro
High
Church Management System 1.0 Shell Upload / SQL Injection
09.07.2021
Eleonora Guardini
High
Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload
08.07.2021
Patrik Lantz
High
WordPress SP Project And Document Manager 4.21 Shell Upload
08.07.2021
Ron Jost
High
Exam Hall Management System 1.0 Unrestricted File Upload (Unauthenticated)
07.07.2021
Thamer Almohammadi (@T...
Med.
Visual Tools DVR VX16 4.2.28 Privilege Escalation
07.07.2021
Andrea D'Ubaldo
Med.
WinWaste.NET 1.0.6183.16475 Privilege Escalation due Incorrect Access Control
02.07.2021
Andrea Intilangelo
High
WordPress Modern Events Calendar 5.16.2 Shell Upload
02.07.2021
Ron Jost
Med.
Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation
30.06.2021
Florian Bogner
Low
ICE Hrm 29.0.0.OS xml upload Stored Cross-Site Scripting
27.06.2021
Piyush Patil & Rafal...
High
rConfig Shell Upload
26.06.2021
Murat Seker
High
Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload
24.06.2021
Alexandre Zanni
Med.
Remote Mouse GUI 3.008 Local Privilege Escalation
21.06.2021
Salman Asad
High
OpenEMR 5.0.1.3 Shell Upload
14.06.2021
Ron Jost
High
ProjeQtOr Project Management 9.1.4 Shell Upload
01.06.2021
Temel Demir
Med.
QNAP MusicStation / MalwareRemover File Upload / Command Injection
28.05.2021
polict
High
Pluck CMS 4.7.13 File Upload Remote Code Execution (Authenticated)
26.05.2021
Ron Jost (Hacker5preme...
High
Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal
25.05.2021
Emir Polat
Med.
Splinterware System Scheduler Professional 5.30 Privilege Escalation
25.05.2021
Andrea Intilangelo
Med.
DELL dbutil_2_3.sys 2.3 Arbitrary Write to Local Privilege Escalation (LPE)
21.05.2021
Paolo Stagno aka VoidS...
High
Subrion CMS 4.2.1 Shell Upload
19.05.2021
Fellipe Oliveira
Med.
Microsoft Windows TokenMagic Privilege Escalation
18.05.2021
James Forshaw
High
Printable Staff ID Card Creator System 1.0 Shell Upload / SQL Injection
17.05.2021
bwnz
High
Customer Relationship Management (CRM) System 1.0 Shell Upload
13.05.2021
Richard Jones
High
ScadaBR 1.0 / 1.1CE Windows Shell Upload
13.05.2021
Fellipe Oliveira
Med.
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation
07.05.2021
LiquidWorm
High
WordPress WP Super Edit 2.5.4 Arbitrary File Upload
06.05.2021
h4shur
High
Internship Portal Management System 1.0 Remote Code Exec
04.05.2021
argenestel
Med.
Microsoft Windows UAC Privilege Escalation
02.05.2021
Stefan Kanthak
High
GNU wget Arbitrary File Upload / Code Execution
30.04.2021
Dawid Golunski
High
FOGProject 1.5.9 File Upload RCE (Authenticated)
29.04.2021
sml@lacashita.com
High
Windows 10 Wi-Fi Drivers For Intel Wireless Adapters 22.30.0 Privilege Escalation
27.04.2021
Stefan Kanthak
Med.
Plantronics HUB 3.21 Privilege Escalation
20.04.2021
redtimmysec
High
Phone Shop Sales Management System 1.0 Shell Upload
20.04.2021
Richard Jones
High
Native Church Website 1.0 Shell Upload
13.04.2021
Richard Jones
High
Composr 10.0.36 Shell Upload
08.04.2021
Orion Hridoy
Med.
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
02.04.2021
LiquidWorm
High
ScadaBR 1.0 Arbitrary File Upload Authenticated
01.04.2021
Fellipe Oliveira
High
FortiLogger Arbitrary File Upload
27.03.2021
Berkan Er
High
Development Kamel KCFinder 1.7 Shell Upload
26.03.2021
Rayan Ali
Med.
Intel RST User Interface / Driver Privilege Escalation
24.03.2021
Stefan Kanthak
High
CMS Made Simple 2.2.15 Shell Upload
22.03.2021
Riccardo Krauter
High
rConfig 3.9.6 Shell Upload
18.03.2021
Murat Seker
High
VestaCP 0.9.8 File Upload CSRF
17.03.2021
Fady Othman
High
SonLogger 4.2.3.3 Shell Upload
16.03.2021
Berkan Er
High
Alphaware E-Commerce System 1.0 Shell Upload / SQL Injection
16.03.2021
Christian Vierschillin...
High
Monitoring System (Dashboard) 1.0 Shell Upload
13.03.2021
Richard Jones
Med.
NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation
11.03.2021
LiquidWorm
Med.
Microsoft Windows Containers Privilege Escalation
10.03.2021
James Forshaw
High
FortiLogger 4.4.2.2 Unauthenticated Arbitrary File Upload (Metasploit)
09.03.2021
Berkan Er
High
VMware vCenter Server File Upload / Remote Code Execution
08.03.2021
mr_me
High
Hotel And Lodge Management System 1.0 Shell Upload
08.03.2021
Christian Vierschillin...
High
FortiLogger 4.4.2.2 Arbitrary File Upload
01.03.2021
Berkan Er
High
VMware vCenter Server 7.0 Unauthenticated File Upload
01.03.2021
Photubias
High
Zenphoto CMS 1.5.7 Shell Upload
28.02.2021
Abdulaziz Almisfer
High
Simple Employee Records System 1.0 Shell Upload
28.02.2021
sML
High
Simple Employee Records System 1.0 File Upload RCE (Unauthenticated)
26.02.2021
sml@lacashita.com
Med.
Millewin 13.39.146.1 Local Privilege Escalation
21.02.2021
Andrea Intilangelo
Med.
Apport 2.20 Privilege Escalation
18.02.2021
Gr33nh4t
High
TestLink 1.9.20 Shell Upload
15.02.2021
snovvcrash
Med.
Solaris 10 1/13 (Intel) dtprintinfo Local Privilege Escalation (2)
14.02.2021
Marco Ivaldi
High
Discord Probot Arbitrary File Upload
09.02.2021
thelastvvv
Med.
Solaris 10 1/13 (SPARC) dtprintinfo Local Privilege Escalation
03.02.2021
Marco Ivaldi
High
Voting System 1.0 Shell Upload
20.01.2021
Richard Jones
High
Church Rota 2.6.4 Shell Upload
20.01.2021
Rob McCarthy
High
Life Insurance Management System 1.0 Shell Upload
18.01.2021
Aitor Herrero
High
E-Learning System 1.0 SQL Injection / Shell Upload
15.01.2021
Saurav Shukla
Med.
FiberHome HG6245D Disclosure / Bypass / Privilege Escalation / DoS
14.01.2021
Pierre Kim
Med.
Cloud Filter Arbitrary File Creation / Privilege Escalation
13.01.2021
Grant Willcox
Med.
SmartAgent 3.1.0 Privilege Escalation
13.01.2021
Orion Hridoy
High
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
13.01.2021
h00die
High
WordPress wpDiscuz 7.0.4 Shell Upload
10.01.2021
Hoa Nguyen
High
WordPress Plugin Autoptimize 2.7.6 Authenticated Arbitrary File Upload (Metasploit)
10.01.2021
Hoa Nguyen
High
Employee Record System 1.0 Shell Upload
09.01.2021
Saeed Bala Ahmed
High
WordPress Autoptimize Shell Upload
08.01.2021
Hoa Nguyen
Med.
PaperStream IP (TWAIN) 1.42.0.5685 Local Privilege Escalation
07.01.2021
1F98D
High
Rock RMS File Upload / Account Takeover / Information Disclosure
04.01.2021
Cyber Security Researc...
High
Resumes Management And Job Application Website 1.0 Shell Upload
04.01.2021
Arnav Tripathy
High
WordPress Adning Advertising 1.5.5 Shell Upload
25.12.2020
spacehen
Med.
SUPREMO 4.1.3.2348 Privilege Escalation
23.12.2020
Victor Gil
Med.
Android Studio Privilege Escalation
23.12.2020
houjingyi
High
Microsoft Windows DrawIconEx Local Privilege Escalation
16.12.2020
timwr


Common Weakness Enumeration (CWE)

CVE
Details
Description
2019-09-08
Low
CVE-2019-16097

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed versions: v1.7.6, v1.8.3, v1.9.0. Workaround without applying the fix: configure Harbor to use a non-DB authentication backend such as LDAP.

 
High
CVE-2019-16103

Vendor: Silver-peak
Software: Unity edgeco...
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

 
2019-09-06
Medium
CVE-2018-6240

Vendor: Google
Software: Android
 

 
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel-level privileges can write an arbitrary value to an arbitrary physical address.

 
Medium
CVE-2019-14813

Vendor: Artifex
Software: Ghostscript
 

 
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

 
Medium
CVE-2019-2182

Vendor: Google
Software: Android
 

 
In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
Medium
CVE-2019-9345

Vendor: Google
Software: Android
 

 
In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

 
Medium
CVE-2019-9436

Vendor: Google
Software: Android
 

 
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

 
2019-09-05
Medium
CVE-2019-15953

Vendor: Totaljs
Software: Total.js cms
 

 
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation.

 
Medium
CVE-2019-2123

Vendor: Google
Software: Android
 

 
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
2019-09-04
Medium
CVE-2019-10709

Vendor: ASUS
Software: Precision to...
 

 
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.

 

 


Copyright 2021, cxsecurity.com

 
