Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2014-8347
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
Claris Filemaker Pro 13.03
Claris Filemaker Pro Advanced 12.0.4.0
1 EDB exploit
NA
CVE-2008-5377
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Apple Cups 1.3.8
1 EDB exploit
7.5
CVSSv3
CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
NA
CVE-2011-1496
tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
Nicholas Marriott Tmux 1.3
Nicholas Marriott Tmux 1.4
1 EDB exploit
6.8
CVSSv3
CVE-2021-34546
An unauthenticated attacker with physical access to a computer with NetSetMan Pro prior to 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via ...
Netsetman Netsetman
7.8
CVSSv3
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs a servic...
Kioware Kioware Server
1 EDB exploit
7.4
CVSSv3
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and previous versions tries to execute its binaries from working and/or temporary folders. Successful exploitatio...
Kaseya Virtual System Administrator
NA
CVE-2007-5762
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
Novell Netware Client 4.91
1 EDB exploit
NA
CVE-2014-9632
The TDI driver (avgtdix.sys) in AVG Internet Security prior to 2013.3495 Hot Fix 18 and 2015.x prior to 2015.5315 and Protection prior to 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
Avg Protection
Avg Internet Security
1 EDB exploit
9.1
CVSSv3
CVE-2018-13784
PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
Prestashop Prestashop
2 EDB exploits
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »