mark wadham vulnerabilities and exploits
7.8
CVSSv3
CVE-2017-7643
Proxifier for Mac prior to 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
Proxifier Proxifier
1 EDB exploit
7.8
CVSSv3
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) prior to 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
Hashicorp Vagrant Vmware Fusion
1 EDB exploit
8.8
CVSSv3
CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) prior to 4.0.24 uses weak permissions for the sudo helper scripts, which allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
Hashicorp Vagrant Vmware Fusion
1 EDB exploit
7.8
CVSSv3
CVE-2017-16945
The standardrestorer binary in Arq 5.10 and previous versions for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
Haystacksoftware Arq
1 EDB exploit
7.8
CVSSv3
CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
Hashicorp Vagrant 5.0.3
1 EDB exploit
7
CVSSv3
CVE-2017-15884
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
Hashicorp Vagrant Vmware Fusion 5.0.0
1 EDB exploit
7.8
CVSSv3
CVE-2017-12579
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and previous versions allows a non-root user to obtain a root shell.
Hashicorp Vagrant Vmware Fusion
1 EDB exploit
7.8
CVSSv3
CVE-2017-16895
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x prior to 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
Arqbackup Arq
1 EDB exploit
7.8
CVSSv3
CVE-2017-16928
The arq_updater binary in Arq 5.10 and previous versions for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
Haystacksoftware Arq
1 EDB exploit
7.8
CVSSv3
CVE-2017-15918
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
Ignitum Sera 1.2
1 EDB exploit