20 matches found
EUVD-2019-2436
Malware in sbrugna...
EUVD-2024-42182
Malicious code in bioql PyPI...
EUVD-2024-52020
Malicious code in bioql PyPI...
CVE-2025-0324
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2021-24265
The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...
CVE-2025-43595 MSP360 Backup (for Linux) insecure filesystem permissions
An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 released on 2025-04-22...
CVE-2024-0832
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package...
CVE-2024-8256
CVE-2024-8256 affects Teltonika Networks RUTOS and TSWOS devices due to incorrect permission handling in the API, enabling a lower-privileged user with default permissions to access critical device resources. Affected: RUTOS versions 7.0–7.7/7.8 exclusion (per PT-2024-38894 and CVE docs) and TSWO...
CVE-2024-53672
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system...
CVE-2024-53672
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system...
CVE-2024-53672 Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system...
PT-2024-35803 · Aruba · Clearpass Policy Manager
Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager (affected versions not specified). Description: A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successfu...
CVE-2024-29863
Qlikview contains a local privilege escalation in its MSI installer. The Red Team PoC shows a race condition during MSI repair (msiexec /fa) that causes the installer to load a DLL from C:\Users\AppData\Local\Temp, which an unprivileged user can replace in a narrow window to execute code as NT AU...
Privilege escalation
In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation...
CVE-2024-0219 Privilege Elevation via Telerik JustDecompile Installer
In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation...
PT-2022-13939 · Gruntjs +3 · Gruntjs +3
Name of the Vulnerable Software and Affected Versions: GruntJS versions prior to 1.5.3. Description: The issue concerns a TOCTOU (Time-of-Check-to-Time-of-Use) race condition in file.copy operations. This can lead to arbitrary file writes, potentially resulting in local privilege escalation if a...
CVE-2020-4271
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-Force ID: 175897...
CVE-2020-4271
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-Force ID: 175897...
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
CVE-2017-2335
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...