5 matches found
PT-2026-48389
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...
PT-2025-6711 · IBM · IBM i
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.4 through 7.5
Description: A database access denial of service can occur due to a bypass of a database capabilities restriction check. This allows a privileged bad actor to remove or impact database infrastructure files,...
CVE-2013-2200
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors...
CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
PT-2001-2176 · FreeBSD +1 · OpenSSH +2
Name of the Vulnerable Software and Affected Versions: OpenSSH on FreeBSD versions 4.4 and earlier
Description: The issue allows local users to bypass capabilities checks and read arbitrary files by specifying alternate copyright or welcome files, due to libutil in OpenSSH not dropping privileges...