Lucene search
K

343 matches found

Prion
Prion
added 2018/10/10 1:29 p.m.15 views

Privilege escalation

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016,...

7.2CVSS7.8AI score0.0307EPSS
Exploits2References4Affected Software5
RedhatCVE
RedhatCVE
added 2018/09/24 8:19 p.m.33 views

CVE-2018-16597

An issue was discovered in the Linux kernel where an incorrect access check in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem...

5.5CVSS4.6AI score0.00542EPSS
Exploits0References2
Typo3
Typo3
added 2018/08/09 12:0 a.m.10 views

Missing Access Check in extension "Register to tt_address" (registeraddress)

Due to a missing access check, it is possible to delete certain ttaddress records...

6.8AI score
Exploits0Affected Software1
CVE
CVE
added 2018/06/21 11:0 a.m.66 views

CVE-2018-0337

Summary of CVE-2018-0337: Cisco NX-OS Software contains a vulnerability in the role-based access-checking mechanisms. An authenticated, local attacker could exploit improper input/validation checks for certain file systems by issuing crafted CLI commands, potentially causing other users to execut...

7.8CVSS7.8AI score0.00314EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2018/06/12 7:0 a.m.43 views

NTFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially...

7CVSS4.1AI score0.0106EPSS
Exploits0
Prion
Prion
added 2018/05/16 9:29 p.m.23 views

Null pointer dereference

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck. A crafted request...

4.3CVSS5.8AI score0.08942EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/05/16 9:29 p.m.2 views

ALPINE-CVE-2018-1172

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck. A crafted request...

5.9CVSS6.9AI score0.08942EPSS
Exploits0References1
exploitpack
exploitpack
added 2018/05/16 12:0 a.m.25 views

Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation

Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Windows: Token Trust SID Access Check Bypass EOP Platform: Windows 10 1709 also tested current build of RS4 Class: Elevation of Privilege Summary: A token’s trust SID isn’t reset when setting a token after proces...

1.1AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/16 12:0 a.m.40 views

Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation

Windows: Token Trust SID Access Check Bypass EOP Platform: Windows 10 1709 also tested current build of RS4 Class: Elevation of Privilege Summary: A token’s trust SID isn’t reset when setting a token after process creation allowing a user process to bypass access checks for trust labels...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2018/02/22 12:0 a.m.39 views

Drupal Core Multiple Vulnerabilities (SA-CORE-2018-001) - Linux

Drupal is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS6.6AI score0.01644EPSS
Exploits1References1
OSV
OSV
added 2018/02/21 8:12 p.m.4 views

DRUPAL-CONTRIB-2018-015

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently associate cacheability metadata in certain situations thereby causing an access bypass vulnerability. This vulnerability is mitigated b...

6.7AI score
Exploits0References1
Drupal
Drupal
added 2017/08/02 12:0 a.m.16 views

Alinks - Moderately Critical -Access bypass - SA-CONTRIB-2017-058

This module enables you to automatically link keywords to specific URLs. This module has an insufficient access check on the delete route. Alinks uses the wrong permission for an access check. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with...

7.1AI score
Exploits0References12
OSV
OSV
added 2017/04/13 3:59 a.m.3 views

CVE-2017-7627

The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php there is a missing JEXEC check...

5.3CVSS5.8AI score0.0072EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/11/03 8:6 a.m.8 views

kernel: overlayfs file truncation without permissions

An issue was discovered in the Linux kernel where an incorrect access check in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem...

5.5CVSS7.1AI score0.00542EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2016/10/18 12:0 a.m.62 views

Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=872 Windows: DeviceApi CMApi PiCMOpenClassKey Arbitrary Registry Key Write EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: The DeviceApi CMApi PiCMOpenClassKey IOCTL allo...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/07/20 12:0 a.m.22 views

FreeBSD : typo3 -- Missing access check in Extbase (3caf4e6c-4cef-11e6-a15f-00248c0c745d)

TYPO3 reports : Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must...

8.1CVSS7.7AI score0.02575EPSS
Exploits0References5
Friends Of PHP
Friends Of PHP
added 2016/05/24 9:55 a.m.8 views

Missing Access Check in TYPO3 CMS

More info at https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/...

7.2AI score
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2016/05/24 12:0 a.m.49 views

typo3 -- Missing access check in Extbase

TYPO3 reports: Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must...

8.1CVSS3.1AI score0.02575EPSS
Exploits0References3
Typo3
Typo3
added 2016/05/24 12:0 a.m.508 views

Missing Access Check in TYPO3 CMS

It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS Release Date: May 24, 2016 Vulnerable subcomponent: Extbase Vulnerability Type: Missing access check Affected Versions: Versions 4.3.0 up to 8.1.0 Severity: Critical Suggested CVSS v2.0:...

8.7AI score0.02575EPSS
Exploits0Affected Software1
Check Point Advisories
Check Point Advisories
added 2015/11/10 12:0 a.m.18 views

Microsoft Windows Kernel Security Feature Bypass (MS15-115: CVE-2015-6113)

A kernel security feature bypass vulnerability has been reported in Microsoft Windows. A remote attacker may exploit this vulnerability by calling a procedure which bypasses access check and allows privileged file access...

2.1CVSS6.2AI score0.0204EPSS
Exploits0
Rows per page
Query Builder