18 matches found
PT-2025-39306
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the Command Line Interface (CLI) of Cisco IOS XE Software that could allow a local attacker with administrative privileges to execute arbitrary commands as root o...
CVE-2020-36831
The CVE-2020-36831 issue affects the WordPress plugin NextScripts: Social Networks Auto-Poster (versions up to and including 4.3.17). The root cause is missing capability checks across multiple user privilege/security functions, causing an authorization bypass that could let low-privileged users ...
CVE-2024-43423
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed...
CVE-2024-43423
CVE-2024-43423 affects Dover Fueling Solutions ProGauge MAGLINK LX4 CONSOLE (and LX) web applications, describing a hard-coded administrator password that cannot be changed. Root cause: hard-coded admin credentials in the web UI, enabling full device access; CVSS scores indicate high risk (3.1/AV...
CVE-2024-6435 Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...
CVE-2023-32484
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contain an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical...
CVE-2023-32484
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contain an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical...
Dell SmartFabric Storage Software Elevation of Privilege Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. An elevation of privilege vulnerability exists in Dell SmartFabric Storage Software that originates from incorrect input validation. An attacker could exploit the vulnerability to elevate...
Fancy Product Designer < 4.7.5 - Admin+ SQL Injection
The plugin is vulnerable to SQL Injection due to insufficient escaping and validation of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information...
CVE-2021-27483
ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user...
CVE-2020-3140 Cisco Prime License Manager Privilege Escalation Vulnerability
A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An...
BD FACSLyric (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 6.8; ATTENTION: Low skill level to exploit; Vendor: Becton, Dickinson and Company (BD); Equipment: FACSLyric; Vulnerability: Improper Access Control. 2. UPDATE INFORMATION: This updated medical device advisory is a follow-up to the original advisory titled ICSMA-19-029-02 BD...
Input validation
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploi...
CVE-2018-0318
Cisco Prime Collaboration Provisioning (PCP) Password Reset Vulnerability (CVE-2018-0318) allows an unauthenticated, remote attacker to gain administrative privileges by abusing weak validation in the password reset function. Affected releases: PCP 11.6 and prior. The issue stems from insufficien...
CVE-2018-0319
A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could...
Unauthorized Modification
The filebrowser-safe library is vulnerable to unauthorized modification attacks. filebrowser-safe has a directory traversal issue which allows an authenticated administrative level user to rename or delete files under the static directory, above the filebrowser uploads directory. This level of...
Apache Ambari 1.7.0 - 2.1.0 Privilege Escalation Vulnerability
Apache Ambari is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:ambari";...
phpMyWebhosting SQL Injection Exploit
No description provided by source. #!/usr/bin/perl Exploit code by Noam Rathaus of Beyond Security Ltd. The following exploit code will use a valid username and password combination, to cause an SQL injection. Using the SQL injection, the Perl script elevates the privileges of the user provided to...