mjolnir 安全漏洞

mjolnir is a Matrix open source auditing tool for Matrix. A security vulnerability exists in mjolnir version v1.9.0 that stems from the bot responding to administrative commands in any room, which could allow non-operator users to utilize the bot's functionality...

baserCMS vulnerable to arbitrary file uploads

Overview baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files CWE-434. Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability t...

Privilege escalation

A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated sudo permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions an...

PT-2018-14514 · Vyos · Vyos

Name of the Vulnerable Software and Affected Versions: VyOS version 1.1.8 Description: A privilege escalation issue was found, allowing operator users to execute the pppd binary with elevated permissions due to the default configuration. The issue is exacerbated by improper validation of certain...

CVE-2003-0640

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges...

CVE-2003-0640

BEA WebLogic Server and Express are affected when NodeManager is used to start servers. Operator users can overwrite usernames and passwords, which may enable escalation to Admin privileges. The available documents confirm this description but do not specify affected versions or concrete exploit ...