Lucene search
K

4517 matches found

NVD
NVD
added 2020/05/14 5:15 p.m.11 views

CVE-2019-13021

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...

6.5CVSS7.9AI score0.00603EPSS
Exploits1References1
Prion
Prion
added 2020/05/14 5:15 p.m.12 views

Design/Logic Flaw

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...

4CVSS7.9AI score0.01306EPSS
Exploits2References1
Veracode
Veracode
added 2020/04/17 2:10 a.m.36 views

Remote Code Execution

Sonatype nxrm is vulnerable to remote code execution. The vulnerability allows high privilege users such as administrators to run arbitrary code on the server with Nexus process privileges by injecting arbitrary Java Expression Language EL expressions...

8.8CVSS6.7AI score0.99064EPSS
Exploits10References6Affected Software2
UbuntuCve
UbuntuCve
added 2020/04/17 12:0 a.m.22 views

CVE-2020-10708

race condition in kernel/audit.c may allow low privilege users trigger kernel panic...

5.8AI score
Exploits0References3
OSV
OSV
added 2020/03/06 3:15 p.m.2 views

CVE-2020-9756

Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with...

7.8CVSS7.1AI score0.00506EPSS
Exploits1References1
NVD
NVD
added 2019/12/02 5:15 p.m.16 views

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...

7.8CVSS8AI score0.00502EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/12/02 4:46 p.m.20 views

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...

8AI score0.00502EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/11/21 2:38 p.m.17 views

CVE-2019-10617

Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registry in QCA61749377.WIN.1.0 in QCA61749377...

7.6AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2019/09/18 11:15 p.m.3 views

CVE-2019-3756

RSA Archer, versions prior to 6.6 P3 6.6.0.3, contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions...

6.5CVSS6.6AI score0.0109EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/09/11 12:0 a.m.10 views

PT-2019-5215 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.3.1 Description: The issue is related to a Cross-Site Scripting XSS error in the block editor of the WordPress content management system. This error can be exploited by authenticated users with lower privileges,...

9.8CVSS6.5AI score0.4375EPSS
Exploits16References75
RedHat Linux
RedHat Linux
added 2019/05/14 1:35 p.m.4 views

foreman: stored XSS in success notification after entity creation

A cross-site scripting XSS flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and...

7.6CVSS6AI score0.00878EPSS
Exploits0References4
OSV
OSV
added 2018/12/14 8:29 p.m.4 views

UBUNTU-CVE-2018-20153

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS...

5.4CVSS7.3AI score0.02466EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2018/11/09 5:45 p.m.30 views

Tmp files readable by other users in sync-exec

Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...

6.5CVSS2.9AI score0.02557EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2018/08/27 12:0 a.m.31 views

Vox TG790 ADSL Router Cross Site Request Forgery

Title: Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper session management low privilege users are able to create administrator accoun...

0.4AI score
Exploits0
OSV
OSV
added 2018/07/25 1:29 p.m.3 views

CVE-2018-6971

VMware Horizon View Agents 7.x.x before 7.5.1 contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation including silent installations. Successful...

7.8CVSS5.8AI score0.00417EPSS
Exploits0References4
OSV
OSV
added 2018/07/10 4:29 p.m.6 views

CVE-2018-1487

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972...

7.8CVSS5.8AI score0.0044EPSS
Exploits0References3
NVD
NVD
added 2018/05/31 6:29 p.m.18 views

CVE-2018-11132

In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue...

9CVSS8.9AI score0.18285EPSS
Exploits3References1
UbuntuCve
UbuntuCve
added 2018/05/15 9:29 p.m.25 views

CVE-2017-2604

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks SECURITY-371. All administrative monitors now require the user accessing them to be an administrator...

4.3CVSS6.3AI score0.0135EPSS
Exploits0References2
OSV
OSV
added 2018/05/15 9:29 p.m.18 views

CVE-2017-2604

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks SECURITY-371...

4.3CVSS5AI score0.0135EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/05/15 9:0 p.m.22 views

CVE-2017-2604

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks SECURITY-371...

4.3CVSS4.8AI score0.0135EPSS
Exploits0References4
Rows per page
Query Builder