Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2014-1889
The Group creation process in the Buddypress plugin prior to 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
Buddypress Buddypress
1 EDB exploit
7.8
CVSSv3
CVE-2017-6178
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
Usbpcap Project Usbpcap 1.1.0.0
1 EDB exploit
NA
CVE-2011-0727
GNOME Display Manager (gdm) 2.x prior to 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Gnome Gdm 2.5
Gnome Gdm 2.2
Gnome Gdm 2.30
Gnome Gdm 2.25
Gnome Gdm 2.19
Gnome Gdm 2.22
Gnome Gdm 2.16
Gnome Gdm 2.13
Gnome Gdm 2.15
Gnome Gdm 2.4
Gnome Gdm 2.21
Gnome Gdm 2.27
Gnome Gdm 2.3
Gnome Gdm 2.23
Gnome Gdm 2.20
Gnome Gdm 2.6
Gnome Gdm 2.8
Gnome Gdm 2.26
Gnome Gdm 2.31
Gnome Gdm 2.28
Gnome Gdm 2.18
Gnome Gdm 2.14
NA
CVE-2008-2232
The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname.
Afuse Afuse 0.2
7.8
CVSSv3
CVE-2018-10900
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an malicious user to execute arbi...
Gnome Network Manager Vpnc
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 EDB exploit
NA
CVE-2014-0476
The slapper function in chkrootkit prior to 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Chkrootkit Chkrootkit
Canonical Ubuntu Linux 10.04
2 EDB exploits
8.8
CVSSv3
CVE-2023-32707
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by...
Splunk Splunk Cloud Platform
Splunk Splunk
1 Metasploit module
3 Github repositories
NA
CVE-2013-4011
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Ibm Aix 7.1
Ibm Aix 6.1
Ibm Vios 2.2.2.2
2 EDB exploits
7.8
CVSSv3
CVE-2016-3643
SolarWinds Virtualization Manager 6.3.1 and previous versions allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
Solarwinds Virtualization Manager
1 EDB exploit
4.8
CVSSv3
CVE-2016-5237
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
Valvesoftware Steamos
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »