Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-20871
A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to ...
6.9
CVSSv2
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and previous versions tries to execute its binaries from working and/or temporary folders. Successful exploitatio...
Kaseya Virtual System Administrator
7.2
CVSSv2
CVE-2007-5762
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
Novell Netware Client 4.91
1 EDB exploit
8.5
CVSSv2
CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
7.2
CVSSv2
CVE-2014-9632
The TDI driver (avgtdix.sys) in AVG Internet Security prior to 2013.3495 Hot Fix 18 and 2015.x prior to 2015.5315 and Protection prior to 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
Avg Protection
Avg Internet Security
1 EDB exploit
6.4
CVSSv2
CVE-2018-13784
PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
Prestashop Prestashop
2 EDB exploits
2 Github repositories
4.6
CVSSv2
CVE-2011-1496
tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
Nicholas Marriott Tmux 1.3
Nicholas Marriott Tmux 1.4
1 EDB exploit
NA
CVE-2022-20775
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local malicious user to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabi...
Cisco Sd-wan Vbond Orchestrator
Cisco Sd-wan Vbond Orchestrator 20.8
Cisco Sd-wan Vsmart Controller 20.8
Cisco Sd-wan Vsmart Controller
Cisco Catalyst Sd-wan Manager 20.8
Cisco Catalyst Sd-wan Manager
Cisco Sd-wan
Cisco Sd-wan 20.8
7.5
CVSSv2
CVE-2005-0305
CRLF injection vulnerability in users.php in Siteman 1.1.10 and previous versions allows remote malicious users to add arbitrary users and gain privileges via the line parameter in a docreate operation.
Siteman Siteman 1.1.10
Siteman Siteman 1.1.9
2 EDB exploits
NA
CVE-2022-20818
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local malicious user to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabi...
Cisco Sd-wan Vbond Orchestrator
Cisco Sd-wan Vmanage
Cisco Sd-wan Vsmart Controller
Cisco Sd-wan
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »