Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
local users vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-4306
IBM Planning Analytics Local 2.0.0 up to and including 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru...
Ibm Planning Analytics Local
4.3
CVSSv2
CVE-2018-1676
IBM Planning Analytics 2.0.0 up to and including 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...
Ibm Planning Analytics Local
NA
CVE-2023-28520
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-F...
Ibm Planning Analytics Local 2.0.0
6.2
CVSSv2
CVE-2014-8727
Multiple directory traversal vulnerabilities in F5 BIG-IP prior to 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tm...
F5 Big-ip Local Traffic Manager
1 EDB exploit
4.9
CVSSv2
CVE-2013-3278
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.
Emc Vplex Geo -
Emc Geosynchrony
Emc Vplex Local -
Emc Vplex Metro -
2.1
CVSSv2
CVE-2005-0421
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.
Delphiturk Delphiturk Ftp 1.0
1 EDB exploit
4.4
CVSSv2
CVE-2012-1054
Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.12
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.7.10
Puppet Puppet 2.7.9
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.7.8
Puppet Puppet 2.7.7
Puppet Puppet 2.7.3
Puppet Puppet 2.7.2
6.9
CVSSv2
CVE-2012-1053
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3 does not properly manage group privileges, which allows local users to gain...
Puppet Puppet 2.6.13
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppet Puppet 2.7.5
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.1
3.3
CVSSv2
CVE-2012-1906
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or i...
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.6.13
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
Puppet Puppet 2.7.7
Puppet Puppet 2.7.6
Puppet Puppet 2.7.5
2.1
CVSSv2
CVE-2012-1101
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
Systemd Project Systemd 37
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »