CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

SUSE CVE•added 2023/02/15 5:48 a.m.•1 views

SUSE CVE-2012-1053

The changeuser method in the SUIDManager lib/puppet/util/suidmanager.rb in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors...

6.9CVSS7.1AI score0.00044EPSS

Exploits0References4

Microsoft CVE•added 2020/09/25 12:0 a.m.•3 views

Oracle MySQL and MariaDB 5.5.x before 5.5.29 5.3.x before 5.3.12 and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

...

4CVSS9.3AI score0.03901EPSS

Exploits2

Zero Day Initiative•added 2017/09/15 12:0 a.m.•32 views

Trend Micro Mobile Security for Enterprise change_user Device_DeviceId SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within processing of the changeuser action. When parsing the 'id' fiel...

9CVSS4.8AI score0.66335EPSS

Exploits0References1

OSV•added 2013/10/01 5:55 p.m.•1 views

AZL-6692 CVE-2012-5627 affecting package mysql for versions less than 8.0.24-1

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the changeuser command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks...

4CVSS7.2AI score0.03901EPSS

Exploits2References1

OSV•added 2013/10/01 5:55 p.m.•0 views

UBUNTU-CVE-2012-5627

4CVSS7AI score0.03901EPSS

Exploits2References3