Moodle Design Vulnerability (CNVD-2016-03328)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. There is a design flaw in Moodle. An attacker can view other users' badges with the he...

CloudBees Jenkins CI and Jenkins LTS Denial of Service Vulnerabilities

CloudBees Jenkins CI formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI is a...

The vulnerability of the Samba file system allows a perpetrator to circumvent existing access restrictions.

The vulnerability of the samldbcheckuseraccountcontrolacl function in the Samba file system located in the samdb/ldbmodules/samldb.c file is related to improper privilege checking during the creation of computer accounts. Exploiting this vulnerability can allow a malicious actor to circumvent...

WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation

WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation Exploit Title: Admin Management Xtended 2.4.0 Privilege escalation Date: 14-12-2015 Software Link: https://wordpress.org/plugins/admin-management-xtended/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek...

WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM

ISSUE DESCRIPTION NOTE: This advisory has been withdrawn XSETBV is a privileged instruction, i.e. should result in GP when issued by code running at other than the most privileged level CPL 0. Unlike other privileged and intercepted instructions in AMD SVM, XSETBV has the privilege level check do...

Paid Memberships Pro 1.7.14.2 Path Traversal

Exploit Title: Paid Memberships Pro 1.7.14.2 Path Traversal Date: 14-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.1.7.14.2.zip Category: webapps CVE: CVE-2014-8801 1. Description getfile.php is...

CVE-2014-8595

arch/x86/x86emulate/x86emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service crash via a crafted 1 CALL, 2 JMP, 3 RETF, 4 LCALL, 5 LJMP, or 6 LRET far branch instruction...

IRIX 6.2/6.3/6.4 xfs truncate() Privilege Check Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1540/info The truncate system call on a number of versions of the IRIX operating system with the xfs file system does not properly check permissions before truncating a file, making it possible for unprivileged users to...

Design/Logic Flaw

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter...

Kernel: AACRAID Driver compat IOCTL missing capability check

The aaccompatioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAPSYSRAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call...

OpenJDK: insufficient privilege checking issue (AWT, 7192977)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

OpenJDK: insufficient privilege checking issue (AWT, 7192977)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

OpenJDK: insufficient privilege checking issue (AWT, 8001057)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the...

CVE-2013-1901

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the 1 pgstartbackup or 2 pgstopbackup functions...

OpenJDK: insufficient privilege checking issue (AWT, 8001057)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the...

OpenJDK: insufficient privilege checking issue (AWT, 7192977)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

OpenJDK: insufficient privilege checking issue (AWT, 7192977)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

OpenJDK: insufficient privilege checking issue (AWT, 8001057)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the...

CVE-2013-1139

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134...

CVE-2013-1139

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134...