Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
administrator privileges vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2021-20079
Nessus versions 8.13.2 and previous versions were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
Tenable Nessus
NA
CVE-2003-0395
Ultimate PHP Board (UPB) 1.9 allows remote malicious users to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
Myupb Ultimate Php Board 1.9
1 EDB exploit
5.4
CVSSv3
CVE-2017-15213
Stored XSS vulnerability in Flyspray prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
Flyspray Flyspray
7.8
CVSSv3
CVE-2023-25011
PC settings tool Ver10.1.26.0 and previous versions, PC settings tool Ver11.0.22.0 and previous versions allows a malicious user to write to the registry as administrator privileges with standard user privileges.
Nec Pc Settings Tool
8.8
CVSSv3
CVE-2020-9456
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
Metagauss Registrationmagic
NA
CVE-2004-1652
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
Brickhost Phpscheduleit 1.0
7.2
CVSSv3
CVE-2023-30459
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).
Smartptt Smartptt Scada 1.1
1 Github repository
4.8
CVSSv3
CVE-2022-1027
The Page Restriction WordPress (WP) WordPress plugin prior to 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.
Minioragne Page Restriction
NA
CVE-2015-3202
fusermount in FUSE prior to 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Debian Debian Linux 8.0
Fuse Project Fuse
1 EDB exploit
6.6
CVSSv3
CVE-2022-44244
An authentication bypass in Lin-CMS v0.2.1 allows malicious users to escalate privileges to Super Administrator.
Lin-cms Project Lin-cms 0.2.1
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »