196 matches found
CVE-2019-5593
Fortinet FortiOS is affected by CVE-2019-5593. The flaw arises from improper permission/value checking in the CLI console, allowing a non-privileged local attacker to obtain plaintext private keys of system certificates by unsetting the encryption password for built‑in certificates (FortiOS 6.2.0...
Protect
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaint text private keys of system's builtin local certificates via unsetting the keys encryption password or for user uploaded local certificates via setting an empty password. Note that backed up...
Theme Editor < 2.2 - Multiple Vulnerabilities
Versions 2.1 and lower of the "theme-editor" plugin are affected by multiple vulnerabilities such as CSRF, insufficient permission checking, arbitrary file upload and the ability to interact with folders/files on the server in most ways you can imagine. These vulnerabilities aside from CSRF requi...
WordPress Theme Editor plugin <= 2.1 - Multiple vulnerabilities
Multiple vulnerabilities CSRF, insufficient permission checking, arbitrary file upload found by WebARX in WordPress Theme Editor plugin versions = 2.1. Solution Update the WordPress Theme Editor plugin to the latest available version at least 2.2...
Drupal 7.x < 7.57 Multiple Vulnerabilities (SA-CORE-2018-001)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.57. It is, therefore, affected by multiple vulnerabilities : - A flaw exists with the Drupal.checkPlain function due to improper handling of HTML injection. A remote attacker, with a...
Code injection
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking...
CVE-2015-3653
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking...
CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...
Unbreakable Enterprise kernel security update
kernel-uek 4.1.12-37.6.2 - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393865 CVE-2016-4470 - ovl: fix permission checking for setattr Miklos Szeredi Orabug: 24393742 CVE-2015-8660...
MS15-001: Vulnerability in Windows Application Compatibility cache could allow elevation of privilege: January 13, 2015
None None...
Liferay Portal 6.1 - 6.0.x Privilege Escalation
No description provided by source. Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserService any user c...
Amazon Linux AMI : mysql51 (ALAS-2012-145)
A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. CVE-2012-5611 C Tenable...
Joomla! -- XXS and DDoS vulnerabilities
The JSST and the Joomla! Security Center report: 20130405 - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in Voting plugin. 20130403 - Core - XSS Vulnerability Inadequate filtering allows possibility of XSS exploit in some circumstances. 20130402 - Core - Information...
[20130402] - Core - Information Disclosure
Inadequate permission checking allows unauthorised user to see permission settings in some circumstances...
[20130401] - Core - Privilege Escalation
Inadequate permission checking allows unauthorised user to delete private messages...
Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20121207)
A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. CVE-2012-5611 After installi...
Important: mysql51
Issue Overview: A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. CVE-2012-561...
Liferay users can assign themselves to organizations, leading to possible privilege escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign hem or her self to any...
Liferay Portal Privilege Escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign hem or her self to any...
Liferay Portal 6.0.x 6.1 - Privilege Escalation
Liferay Portal 6.0.x 6.1 - Privilege Escalation Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserServi...