15 matches found
Privilege Escalation
libuv.so is vulnerable to privilege escalation. The vulnerability exists in the `uv__process_child_init` function in process.c due to improper configurations of group privilege downgrade which allows an attacker to gain privileges via unspecified vectors...
Cross-Site Request Forgery (CSRF)
org.apache.jspwiki:jspwiki-builder and org.apache.jspwiki:jspwiki-war are vulnerable to cross-site request forgery (CSRF). A remote attacker is able to trigger a CSRF attack on the Image plugin by sending a specially crafted request, which allows a group privilege escalation of the attacker's...
Apache JSPWiki CSRF due to crafted invocation on the Image plugin
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...
CVE-2022-34158
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...
Cross site request forgery (csrf)
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...
CVE-2022-34158 User Group Privilege Escalation
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...
trousers: fails to drop the root gid privilege when no longer needed
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed...
USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities. Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04 LTS. Description: It was discovered that the `__get_user_asm_ex` implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the...
CVE-2014-9091
Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors...
CVE-2005-4443
Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH...
Mandrake Linux Security Advisory : minicom (MDKSA-2001:051)
Several format string vulnerabilities exist in the minicom program. These bugs can be exploited to obtain group uucp privilege. A simple fix is to simply remove the setgid bit on /usr/bin/minicom, however these new packages introduce some fixes for the vulnerabilities through a patch from Red Hat...
Security Advisory 2001-014: dump(8) exposes 'tty' group
NetBSD Security Advisory 2001-014. Topic: dump(8) exposes 'tty' group. Version: NetBSD-current: source prior to August 8, 2001; NetBSD 1.5.1: affected; NetBSD 1.5: affected; NetBSD 1.4.x: all affected. Severity: local users can gain tty...
FreeBSD-SA-01:55.procfs
FreeBSD-SA-01:55 Security Advisory. FreeBSD, Inc. Topic: procfs vulnerability leaks setugid process memory. Category: core. Module: procfs. Announced: 2001-08-21. Credits: Joost Pol. Affects...
SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
NSFOCUS Security Advisory (SA2001-04). Topic: Solaris dtmail Buffer Overflow Vulnerability. Release Date: 2001-7-24. CVE CAN ID: CAN-2001-0548. BUGTRAQ ID: 3081. Affected system: Sun Solaris 2.6 SPARC/x86, Sun Solaris 7 SPARC/x86. Not affected system: Sun Solaris 8...
CVE-2001-0424
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id...