Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
7.8
CVSSv3
CVE-2022-20775
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local malicious user to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabi...
Cisco Sd-wan Vbond Orchestrator
Cisco Sd-wan Vbond Orchestrator 20.8
Cisco Sd-wan Vsmart Controller 20.8
Cisco Sd-wan Vsmart Controller
Cisco Catalyst Sd-wan Manager 20.8
Cisco Catalyst Sd-wan Manager
Cisco Sd-wan
Cisco Sd-wan 20.8
9.1
CVSSv3
CVE-2018-13784
PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
Prestashop Prestashop
2 EDB exploits
2 Github repositories
7.8
CVSSv3
CVE-2018-6947
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and previous versions allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for ...
Nomachine Nomachine
Microsoft Windows 10
Microsoft Windows 8
Microsoft Windows 7
2 EDB exploits
7.8
CVSSv3
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs a servic...
Kioware Kioware Server
1 EDB exploit
NA
CVE-2007-5762
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
Novell Netware Client 4.91
1 EDB exploit
7.4
CVSSv3
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and previous versions tries to execute its binaries from working and/or temporary folders. Successful exploitatio...
Kaseya Virtual System Administrator
NA
CVE-2008-5377
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Apple Cups 1.3.8
1 EDB exploit
NA
CVE-2014-9632
The TDI driver (avgtdix.sys) in AVG Internet Security prior to 2013.3495 Hot Fix 18 and 2015.x prior to 2015.5315 and Protection prior to 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
Avg Protection
Avg Internet Security
1 EDB exploit
NA
CVE-2015-8368
ntopng (aka ntop) prior to 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
Ntop Ntopng
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »