18 matches found
CVE-2020-10665
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker...
CVE-2025-10665
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remote exploitation of the attack is possible...
CVE-2025-10665
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remote exploitation of the attack is possible...
CVE-2024-10665

creationtimestamp | type | source
---|---|---
2024-11-20 09:40:57+00:00 | seen | https://infosec.exchange/users/cve/statuses/113514621003193193
2024-11-20 09:44:38+00:00 | seen | https://infosec.exchange/users/cve/statuses/113514635485716870
2024-11-20 12:03:59+00:00 | seen | https://t.me/cvedetector/115...

CVE-2024-10665 Yaad Sarig Payment Gateway For WC <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Log Read/Deletion
The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpayviewlogcallback and yaadpaydeletelogcallback functions in all versions up to, and including, 2.2.4. This makes it possible for...
CVE-2024-10665 Yaad Sarig Payment Gateway For WC <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Log Read/Deletion
The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpayviewlogcallback and yaadpaydeletelogcallback functions in all versions up to, and including, 2.2.4. This makes it possible for...
WordPress Yaad Sarig Payment Gateway For WC Plugin <= 2.2.4 is vulnerable to Broken Access Control

Field | Value
---|---
Software | Yaad Sarig Payment Gateway For WC
Type | Plugin
Vulnerable versions | <= 2.2.4
Fixed in | N/A
OWASP Top 10 | A5: Broken Access Control
Classification | Broken Access Control
CVE | CVE-2024-10665
Patch priority | Low
CVSS severity | Low 5.4
PSID | 3abf69feafbc
Credits | BrokenAC igno...

CVE-2020-10665

creationtimestamp | type | source
---|---|---
2020-08-20 15:10:17+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/1612...

Exploit for Link Following in Docker Desktop
CVE-2020-10665 Docker Desktop Local Privilege Escalation POC...
CVE-2020-10665
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker...
CVE-2020-10665
CVE-2020-10665 affects Docker Desktop on Windows: local privilege escalation to NT AUTHORITY\SYSTEM due to mishandling of diagnostics collection with Administrator privileges, enabling arbitrary DACL overwrites and file writes. Affected products include Docker Desktop Enterprise before 2.1.0.9, D...
GHSA-W5R2-GVGF-MPM8 Improper Encoding or Escaping of Output and Injection in LibreNMS
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string,...
CVE-2019-10665

creationtimestamp | type | source
---|---|---
2019-09-09 16:39:14+00:00 | seen | https://t.me/cibsecurity/6603...

CVE-2019-10665
LibreNMS (through 1.50.x) contains input handling weaknesses in its graphing scripts (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php or html/graph.php) that allow injecting RRDtool syntax via newline characters. This occurs because several user-supplied fields are not...
CVE-2016-10665
CVE-2016-10665 affects the herbivore library (built on libtins) where binary resources are downloaded over HTTP (versions around 0.0.3 and below). The underlying issue is insecure HTTP fetching which enables a Man-in-the-middle (MITM) interception and substitution of requested binaries, with poten...
CVE-2017-10665
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name...
CVE-2017-10665
The CVE affects Kayson Group phpGrid prior to version 7.2.5, where a directory traversal flaw in ajaxfileupload.php allows a remote attacker to upload a crafted file whose name contains .. to execute arbitrary code. This is a server-side path traversal issue in the file upload handling, enabling ...
CVE-2017-10665
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name...