19 matches found
PT-2026-38282
Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-beta.2 Description A low-privileged authenticated API user with api.media.write permissions can achieve full administrative compromise of the Grav API. The issue exists in the API plugin's blueprint upload flow because the...
CVE-2010-0934
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script...
CVE-2010-0935
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command...
EUVD-2010-0959
Malware in sbrugna...
EUVD-2010-0960
Malware in sbrugna...
EUVD-2021-22611
Malware in sbrugna...
CVE-2021-35978
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...
CVE-2021-35978
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...
Command injection
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...
CVE-2021-35978
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...
Digi TransPort DR64 命令注入漏洞
The Digi International Digi TransPort is a full-featured cellular router from Digi International USA. A security vulnerability exists in the Digi TransPort DR64 that allows arbitrary remote commands to be executed using the SUPER privilege. This allows an attacker to exploit the vulnerability kno...
mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...
mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...
mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...
Oracle MySQL 5.1.50 - Privilege Escalation
Oracle MySQL 5.1.50 - Privilege Escalation source: https://www.securityfocus.com/bid/43677/info MySQL is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow t...
CVE-2010-0935
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command...
Command injection
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script...
Command injection
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command...
CVE-2010-0935
Perforce Server 2009.2 and earlier allows remote authenticated users to obtain super privileges via a “p4 protect” command when the protection table is empty. Root cause: empty protection table enables privilege escalation. Impact: potential full administrative access. No remediation or patch det...