3975 matches found
CVE-2018-11642
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user...
Code injection
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user...
CVE-2018-11642
CVE-2018-11642 affects Dialogic PowerMedia XMS (3.5 and earlier). The flaw is an incorrect privilege assignment in the /var/www/xms/cleanzip.sh shell script that runs periodically, enabling a local attacker to execute code with root privileges. Connected documents corroborate the local-privation ...
TP-Link TL-WR841N V13 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Vulnerability: Cross-Site Request Forgery Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Patched Version: None Overview The web interface of the router is vulnerable to CSRF. An...
CVE-2018-0293
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...
Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2017-1624)
Summary The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Vulnerability Details CVEID: CVE-2017-1624 DESCRIPTION: IBM QRadar specifies permissions for a security-critical resource in a way that allow...
Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2016-9722)
Summary The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Vulnerability Details CVE-ID: CVE-2016-9722 Description: IBM QRadar specifies permissions for a security-critical resource in a way that allo...
Security Bulletin: Incorrect Permission Assignment for Critical Resource vulnerability affects IBM Security Guardium (CVE-2017-1266)
Summary IBM Security Guardium specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM Security Guardium has provided a fix for this vulnerability. Vulnerability Details CVEID: CVE-2017-1266 DESCRIPTION: IBM Securit...
Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2016-2877)
Summary The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Vulnerability Details CVE-ID: CVE-2016-2877 Description: IBM QRadar could allow a local user to write files to certain web accessible...
WordPress Tooltipy 5.0 Cross Site Scripting
Details ================ Software: Tooltipy tooltips for WP Version: 5.0 Homepage: https://wordpress.org/plugins/bluet-keywords-tooltip-generator/ Advisory report: https://advisories.dxw.com/advisories/xss-in-tooltipy/ CVE: Awaiting assignment CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N...
CalAmp lenderoutlook on colt.calamp-ts.com incorrect privilege assignment vulnerability
CalAmp is a pioneer in M2M telematics, managing over 1.5M IoT devices. An incorrect privilege assignment vulnerability exists in CalAmp lenderoutlook on colt.calamp-ts.com. An attacker could exploit the vulnerability to obtain sensitive data...
GE MDS PulseNET Account Java RMI Incorrect Privilege Assignment Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the...
Unauthorised Downloads
Moodle is vulnerable to unauthorised downloads. It is possible because any authorized student with access to portfolio assignment caller class can change the download URL to download any files...
Code injection
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...
UBUNTU-CVE-2018-1134
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...
The vulnerability of the Intel Graphics Driver lies in a pointer swapping error, which allows attackers to escalate their privileges.
The vulnerability of the Intel Graphics Driver lies in a pointer assignment error. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Calamp.com Incorrect Privilege Assignment
There is also a full write up on https://medium.com/@evstykas/remote-smart-car-hacking-with-just-a-phone-2fe7ca682162 Vulnerability Security Advisory ======================================================================= title: Incorrect Privilege Assignment product: lenderoutlook on...
Microsoft Windows 10: Deny log on through Remote Desktop Services
This policy setting determines which users are prevented from logging on to the device through a Remote Desktop connection through Remote Desktop Services. It is possible for a user to establish a Remote Desktop connection to a particular server, but not be able to log on to the console of that...
Microsoft Windows 10: Allow log on through Remote Desktop Services
This policy setting determines which users or groups can access the logon screen of a remote device through a Remote Desktop Services connection. It is possible for a user to establish a Remote Desktop Services connection to a particular server but not be able to log on to the console of that sam...