Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs a servic...
Kioware Kioware Server
1 EDB exploit
NA
CVE-2014-9632
The TDI driver (avgtdix.sys) in AVG Internet Security prior to 2013.3495 Hot Fix 18 and 2015.x prior to 2015.5315 and Protection prior to 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
Avg Protection
Avg Internet Security
1 EDB exploit
NA
CVE-2015-8368
ntopng (aka ntop) prior to 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
Ntop Ntopng
1 EDB exploit
7.4
CVSSv3
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and previous versions tries to execute its binaries from working and/or temporary folders. Successful exploitatio...
Kaseya Virtual System Administrator
NA
CVE-2007-5762
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
Novell Netware Client 4.91
1 EDB exploit
7.8
CVSSv3
CVE-2018-6947
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and previous versions allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for ...
Nomachine Nomachine
Microsoft Windows 10
Microsoft Windows 8
Microsoft Windows 7
2 EDB exploits
7.8
CVSSv3
CVE-2014-8347
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
Claris Filemaker Pro 13.03
Claris Filemaker Pro Advanced 12.0.4.0
1 EDB exploit
6.8
CVSSv3
CVE-2021-34546
An unauthenticated attacker with physical access to a computer with NetSetMan Pro prior to 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via ...
Netsetman Netsetman
7.5
CVSSv3
CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
8.8
CVSSv3
CVE-2017-6896
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an malicious user to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.
Digisol Dg-hr1400 Router Firmware 1.00.02
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »