343 matches found
Privilege escalation
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016,...
CVE-2018-16597
An issue was discovered in the Linux kernel where an incorrect access check in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem...
Missing Access Check in extension "Register to tt_address" (registeraddress)
Due to a missing access check, it is possible to delete certain ttaddress records...
CVE-2018-0337
Summary of CVE-2018-0337: Cisco NX-OS Software contains a vulnerability in the role-based access-checking mechanisms. An authenticated, local attacker could exploit improper input/validation checks for certain file systems by issuing crafted CLI commands, potentially causing other users to execut...
NTFS Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially...
Null pointer dereference
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck. A crafted request...
ALPINE-CVE-2018-1172
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck. A crafted request...
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Windows: Token Trust SID Access Check Bypass EOP Platform: Windows 10 1709 also tested current build of RS4 Class: Elevation of Privilege Summary: A token’s trust SID isn’t reset when setting a token after proces...
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Windows: Token Trust SID Access Check Bypass EOP Platform: Windows 10 1709 also tested current build of RS4 Class: Elevation of Privilege Summary: A token’s trust SID isn’t reset when setting a token after process creation allowing a user process to bypass access checks for trust labels...
Drupal Core Multiple Vulnerabilities (SA-CORE-2018-001) - Linux
Drupal is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
DRUPAL-CONTRIB-2018-015
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently associate cacheability metadata in certain situations thereby causing an access bypass vulnerability. This vulnerability is mitigated b...
Alinks - Moderately Critical -Access bypass - SA-CONTRIB-2017-058
This module enables you to automatically link keywords to specific URLs. This module has an insufficient access check on the delete route. Alinks uses the wrong permission for an access check. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with...
CVE-2017-7627
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php there is a missing JEXEC check...
kernel: overlayfs file truncation without permissions
An issue was discovered in the Linux kernel where an incorrect access check in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem...
Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=872 Windows: DeviceApi CMApi PiCMOpenClassKey Arbitrary Registry Key Write EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: The DeviceApi CMApi PiCMOpenClassKey IOCTL allo...
FreeBSD : typo3 -- Missing access check in Extbase (3caf4e6c-4cef-11e6-a15f-00248c0c745d)
TYPO3 reports : Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must...
Missing Access Check in TYPO3 CMS
More info at https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/...
typo3 -- Missing access check in Extbase
TYPO3 reports: Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must...
Missing Access Check in TYPO3 CMS
It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS Release Date: May 24, 2016 Vulnerable subcomponent: Extbase Vulnerability Type: Missing access check Affected Versions: Versions 4.3.0 up to 8.1.0 Severity: Critical Suggested CVSS v2.0:...
Microsoft Windows Kernel Security Feature Bypass (MS15-115: CVE-2015-6113)
A kernel security feature bypass vulnerability has been reported in Microsoft Windows. A remote attacker may exploit this vulnerability by calling a procedure which bypasses access check and allows privileged file access...