Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-0305
CRLF injection vulnerability in users.php in Siteman 1.1.10 and previous versions allows remote malicious users to add arbitrary users and gain privileges via the line parameter in a docreate operation.
Siteman Siteman 1.1.10
Siteman Siteman 1.1.9
2 EDB exploits
8.5
CVSSv2
CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
4.6
CVSSv2
CVE-2014-8347
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
Claris Filemaker Pro 13.03
Claris Filemaker Pro Advanced 12.0.4.0
1 EDB exploit
7.2
CVSSv2
CVE-2021-34546
An unauthenticated attacker with physical access to a computer with NetSetMan Pro prior to 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via ...
Netsetman Netsetman
6.9
CVSSv2
CVE-2008-5377
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Apple Cups 1.3.8
1 EDB exploit
6.5
CVSSv2
CVE-2017-6896
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an malicious user to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.
Digisol Dg-hr1400 Router Firmware 1.00.02
1 EDB exploit
7.2
CVSSv2
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs a servic...
Kioware Kioware Server
1 EDB exploit
NA
CVE-2022-20818
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local malicious user to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabi...
Cisco Sd-wan Vbond Orchestrator
Cisco Sd-wan Vmanage
Cisco Sd-wan Vsmart Controller
Cisco Sd-wan
1 Github repository
4.6
CVSSv2
CVE-2011-1496
tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
Nicholas Marriott Tmux 1.3
Nicholas Marriott Tmux 1.4
1 EDB exploit
7.2
CVSSv2
CVE-2014-9632
The TDI driver (avgtdix.sys) in AVG Internet Security prior to 2013.3495 Hot Fix 18 and 2015.x prior to 2015.5315 and Protection prior to 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
Avg Protection
Avg Internet Security
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »