Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-18862
maidag in GNU Mailutils prior to 3.8 is installed setuid and allows local privilege escalation in the url mode.
Gnu Mailutils
1 EDB exploit
7.8
CVSSv3
CVE-2018-0438
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local malicious user to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is d...
Cisco Umbrella Enterprise Roaming Client
1 EDB exploit
7.8
CVSSv3
CVE-2023-36594
Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 11 22h2
Microsoft Windows 11 21h2
Microsoft Windows 10 1507
Microsoft Windows 10 1809
Microsoft Windows 10 21h1
Microsoft Windows 10 22h2
NA
CVE-2014-4971
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Acces...
Microsoft Windows Xp
4 EDB exploits
NA
CVE-2024-1155
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
7.8
CVSSv3
CVE-2017-0358
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
Tuxera Ntfs-3g
Debian Debian Linux 8.0
2 EDB exploits
9.1
CVSSv3
CVE-2018-13784
PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
Prestashop Prestashop
2 EDB exploits
2 Github repositories
7.8
CVSSv3
CVE-2014-8347
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
Claris Filemaker Pro 13.03
Claris Filemaker Pro Advanced 12.0.4.0
1 EDB exploit
NA
CVE-2011-1496
tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
Nicholas Marriott Tmux 1.3
Nicholas Marriott Tmux 1.4
1 EDB exploit
NA
CVE-2005-0305
CRLF injection vulnerability in users.php in Siteman 1.1.10 and previous versions allows remote malicious users to add arbitrary users and gain privileges via the line parameter in a docreate operation.
Siteman Siteman 1.1.10
Siteman Siteman 1.1.9
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »