Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Tytuł
Data
Autor
Low
PlayTube 3.0.1 Information Disclosure
05.09.2023
CraCkEr
High
HanYazilim Paper Submission System .NET 1.0 Shell Upload
25.02.2019
KingSkrupellos
Med.
HanYazilim Paper Submission System .NET v1.0 Privilege Escalation / Backdoor Access
22.02.2019
KingSkrupellos
Low
Calamp.com Incorrect Privilege Assignment
15.05.2018
Vangelis Stykas
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2024-02-13
CVE-2023-6815
Updating...
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
2023-09-13
CVE-2023-4153
Updating...
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user.
2023-07-25
CVE-2023-39173
Updating...
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
2023-04-12
CVE-2023-1874
Updating...
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site.
2022-08-05
CVE-2022-2626
Updating...
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
2022-04-04
Low
CVE-2022-1225
Vendor:
Phpipam
Software:
Phpipam
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
2021-05-26
Medium
CVE-2020-10695
Vendor:
Redhat
Software:
Single sign-on
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.
2021-04-19
CVE-2021-20208
Updating...
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
2021-03-24
Medium
CVE-2019-19353
Vendor:
Redhat
Software:
Openshift co...
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Medium
CVE-2019-19352
Vendor:
Redhat
Software:
Openshift co...
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Copyright
2024
, cxsecurity.com
Back to Top