Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2018-18859
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client up to and including 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kern...
Liquidvpn Liquidvpn
1 EDB exploit
4
CVSSv2
CVE-2014-1889
The Group creation process in the Buddypress plugin prior to 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
Buddypress Buddypress
1 EDB exploit
6.9
CVSSv2
CVE-2011-0727
GNOME Display Manager (gdm) 2.x prior to 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Gnome Gdm 2.2
Gnome Gdm 2.3
Gnome Gdm 2.16
Gnome Gdm 2.17
Gnome Gdm 2.0
Gnome Gdm 2.14
Gnome Gdm 2.15
Gnome Gdm 2.22
Gnome Gdm 2.23
Gnome Gdm 2.30
Gnome Gdm 2.31
Gnome Gdm 2.4
Gnome Gdm 2.5
Gnome Gdm 2.6
Gnome Gdm 2.18
Gnome Gdm 2.19
Gnome Gdm 2.26
Gnome Gdm 2.27
Gnome Gdm 2.8
Gnome Gdm 2.13
Gnome Gdm 2.20
Gnome Gdm 2.21
4.6
CVSSv2
CVE-2017-6178
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
Usbpcap Project Usbpcap 1.1.0.0
1 EDB exploit
8.5
CVSSv2
CVE-2018-13110
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.
Adbglobal Dv2210 Firmware -
Adbglobal Vv2220 Firmware -
Adbglobal Vv5522 Firmware -
Adbglobal Prg Av4202n Firmware -
1 EDB exploit
9
CVSSv2
CVE-2014-2197
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software prior to 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a craft...
Cisco Unified Cdm Application Software
Cisco Unified Communications Domain Manager -
10
CVSSv2
CVE-2014-2198
Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software prior to 4.4.2 has a hardcoded SSH private key, which makes it easier for remote malicious users to obtain access to the support and root accounts by extracting this key from a binary file found in...
Cisco Unified Cdm Platform Software
Cisco Unified Communications Domain Manager -
7.5
CVSSv2
CVE-2014-3300
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software prior to 10 does not properly implement access control, which allows remote malicious users to modify user information via a crafted URL, aka Bug ID CS...
Cisco Unified Communications Domain Manager -
Cisco Unified Cdm Application Software 8.1
Cisco Unified Cdm Application Software
7.2
CVSSv2
CVE-2018-10900
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an malicious user to execute arbi...
Gnome Network Manager Vpnc
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 EDB exploit
3.7
CVSSv2
CVE-2014-0476
The slapper function in chkrootkit prior to 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 13.10
Chkrootkit Chkrootkit
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »