Lucene search
K

4529 matches found

Prion
Prion
added 2020/11/27 6:15 p.m.12 views

Remote code execution

An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges...

7.2CVSS8.6AI score0.00653EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/11/27 5:51 p.m.23 views

CVE-2020-28922

An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges...

8.7AI score0.00653EPSS
Exploits1References3
NVD
NVD
added 2020/11/13 9:15 p.m.30 views

CVE-2020-15481

An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This cou...

7.8CVSS7.5AI score0.00642EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2020/09/22 12:0 a.m.14 views

Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content

The coditorprocessajax AJAX call is missing any CSRF and authorisation checks, allowing low privilege users subscriber+ to read and edit any files in the wp-content folder, as well as list its content. PoC The PoC will be displayed once the issue has been remediated...

4.9AI score
Exploits0References1Affected Software1
OSV
OSV
added 2020/08/21 3:15 a.m.4 views

CVE-2020-24567

voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuratio...

7.8CVSS7.1AI score
Exploits0References2
OSV
OSV
added 2020/08/14 4:15 p.m.4 views

CVE-2020-7583

A vulnerability has been identified in Automation License Manager 5 All versions, Automation License Manager 6 All versions V6.0.8. The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify...

7.8CVSS5.8AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2020/08/07 9:15 p.m.7 views

CVE-2020-15480

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers MSRs. This could lead to arbitrary Ring-0 code...

8.8CVSS7.8AI score0.00632EPSS
Exploits1References4
Prion
Prion
added 2020/08/07 9:15 p.m.22 views

Remote code execution

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers MSRs. This could lead to arbitrary Ring-0 code...

7.2CVSS8.7AI score0.00632EPSS
Exploits1References4Affected Software3
Cvelist
Cvelist
added 2020/08/07 8:6 p.m.33 views

CVE-2020-15480

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers MSRs. This could lead to arbitrary Ring-0 code...

8.8AI score0.00632EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/07/15 7:28 p.m.17 views

CVE-2020-11437

LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database...

5.2AI score0.00945EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2020/07/10 3:39 p.m.9 views

CVE-2020-8195

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users...

6.3AI score0.33263EPSS
Exploits5References2
Prion
Prion
added 2020/05/18 10:15 p.m.29 views

Default credentials

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet...

4CVSS6.3AI score0.03118EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/05/14 5:15 p.m.11 views

CVE-2019-13021

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...

6.5CVSS7.9AI score0.00603EPSS
Exploits1References1
Prion
Prion
added 2020/05/14 5:15 p.m.13 views

Design/Logic Flaw

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...

4CVSS7.9AI score0.01306EPSS
Exploits2References1
Veracode
Veracode
added 2020/04/17 2:10 a.m.36 views

Remote Code Execution

Sonatype nxrm is vulnerable to remote code execution. The vulnerability allows high privilege users such as administrators to run arbitrary code on the server with Nexus process privileges by injecting arbitrary Java Expression Language EL expressions...

8.8CVSS6.7AI score0.99064EPSS
Exploits10References6Affected Software2
UbuntuCve
UbuntuCve
added 2020/04/17 12:0 a.m.23 views

CVE-2020-10708

race condition in kernel/audit.c may allow low privilege users trigger kernel panic...

5.8AI score
Exploits0References3
OSV
OSV
added 2020/03/06 3:15 p.m.3 views

CVE-2020-9756

Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with...

7.8CVSS7.1AI score0.00506EPSS
Exploits1References1
NVD
NVD
added 2019/12/02 5:15 p.m.18 views

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...

7.8CVSS8AI score0.00502EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/12/02 4:46 p.m.23 views

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...

8AI score0.00502EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/11/21 2:38 p.m.17 views

CVE-2019-10617

Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registry in QCA61749377.WIN.1.0 in QCA61749377...

7.6AI score0.00222EPSS
Exploits0References1
Rows per page
Query Builder