Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
administrator privileges vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2021-20079
Nessus versions 8.13.2 and previous versions were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
Tenable Nessus
3.5
CVSSv2
CVE-2017-15213
Stored XSS vulnerability in Flyspray prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
Flyspray Flyspray
7.5
CVSSv2
CVE-2004-1652
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
Brickhost Phpscheduleit 1.0
6.5
CVSSv2
CVE-2020-9456
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
Metagauss Registrationmagic
NA
CVE-2023-25011
PC settings tool Ver10.1.26.0 and previous versions, PC settings tool Ver11.0.22.0 and previous versions allows a malicious user to write to the registry as administrator privileges with standard user privileges.
Nec Pc Settings Tool
3.6
CVSSv2
CVE-2011-4406
The Ubuntu AccountsService package prior to 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.
Canonical Ubuntu Linux 11.10
Canonical Accountsservice
3.5
CVSSv2
CVE-2022-1027
The Page Restriction WordPress (WP) WordPress plugin prior to 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.
Minioragne Page Restriction
NA
CVE-2023-30459
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).
Smartptt Smartptt Scada 1.1
1 Github repository
NA
CVE-2022-44244
An authentication bypass in Lin-CMS v0.2.1 allows malicious users to escalate privileges to Super Administrator.
Lin-cms Project Lin-cms 0.2.1
1 Github repository
NA
CVE-2023-32764
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.
Fabasoft Cloud -
Fabasoft Cloud Enterprise Client 23.3.0.130
Fabasoft Folio \\/ Egov-suite 2021
Fabasoft Folio \\/ Egov-suite 2022
Fabasoft Folio \\/ Egov-suite 2023
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »