1151 matches found
Privilege escalation
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.220170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges...
CVE-2017-12711
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.220170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges...
CVE-2017-12711
CVE-2017-12711 affects Advantech WebAccess prior to V8.2_20170817. The root cause is an Incorrect Privilege Assignment where a built-in user account has been granted a sensitive privilege, potentially allowing elevation to administrative privileges. Impact is elevated access with high severity (p...
CVE-2017-1000082
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...
IBM QRadar SIEM Incorrect Privilege Assignment Local Elevation of Privilege Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM...
Scientific Linux Security Update : pacemaker on SL7.x x86_64 (20151119)
A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. CVE-2015-1867 The pacemaker packages have be...
CVE-2013-0676
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query...
Information disclosure
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query...
CVE-2013-0676
Siemens WinCC (before 7.2; in SIMATIC PCS7 before 8.0 SP1) stores WebNavigator credentials in an MS SQL database and fails to properly restrict privileges. This Improper Authorization allows remote authenticated users to read sensitive data via SQL queries. Impact includes exposure of credentials...
CVE-2007-6051
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the 1 DB2ADMNS and 2 DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related...
Authentication flaw
The 1 Aruba Mobility Controllers 200, 600, 2400, and 6000 and 2 Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN...