PT-2026-40459
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 7.3.2. Description: ChurchCRM is an open-source church management system. The UserEditor.php file processes user account creation and permission updates using $_POST parameters without validating Cross-Site Request...
EUVD-2017-8704
Malware in sbrugna...
EUVD-2024-32090
Malicious code in bioql PyPI...
linux-pam: Linux-pam directory Traversal
A flaw was found in linux-pam. The pam_namespace module may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...
PT-2025-18693 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.5.0 and earlier Description: The issue concerns a privilege context switching error in the PAM JIT feature of Devolutions Server. This error allows a PAM JIT account password to be improperly reset after usa...
CVE-2025-26512
CVE-2025-26512 affects NetApp SnapCenter prior to 6.0.1P1 and 6.1P1. An authenticated SnapCenter Server user can escalate to admin on a remote system where a SnapCenter plug-in is installed. Impact is privilege escalation with high severity (CVSS v3.1: 9.9, CRITICAL). Remediation: update to 6.0.1...
CVE-2024-3504 Improper Access Control in lunary-ai/lunary
An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in versi...
CVE-2024-2339
PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous...
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...
Broadcom CA Automic Automation Security Vulnerability
Broadcom CA Automic Automation is an automation product from Broadcom, Inc. It provides a service orchestration and automation platform to automate complex applications, platforms, and technology environments. A security vulnerability exists in Broadcom CA Automic Automation versions 12.2 and 12....
CVE-2021-36207
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator...
CVE-2022-22189
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration CSO allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects:...
CVE-2020-17474
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database...
Microsoft Windows: Require domain users to elevate when setting a networks location
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winncstddomainusersetlocation.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Require domain users to elevate when setting a network's location Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
X (Formerly Twitter): fabric.io - app member can make himself an admin
Let's say Alice is a member of TestApp. - Log into fabric.io as Alice and navigate to settings. - Click on Apps and choose TestApp. - Click on the team members link and notice that Alice's role is Member. Clicking on the team members link sends a request similar to the one shown below. GET...
Elevation of global permission from Administrator to System administrator
With "Administrator" permission I go to the global permissions page http://:7990/admin/permissions. 1. Type in the name of another user without any global permissions. 2. Select "System Administrator" as permission. 3. Press save. Expected result: Stash would deny me creating a "System...
HP-UX Update for System Administration Manager (SAM) HPSBUX01104
Check for the Version of System Administration Manager SAM OpenVAS Vulnerability Test HP-UX Update for System Administration Manager SAM HPSBUX01104 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
under linux to stay Local the back door of the two methods-vulnerability warning-the black bar safety net
Method one: the setuid method, which is actually quite stealthy. Look at the process: root@localdomain lib# ls -l | grep ld-linux lrwxrwxrwx 1 root root 9 2008-06-07 17:32 ld-linux.so.2 -> ld-2.7.so lrwxrwxrwx 1 root root 13 2008-06-07 17:47 ld-lsb.so.3 -> ld-linux.so.2 root@localdomain lib# chmod +...
DebPloit (exploit)
DebPloit allows Everyone to get a handle to any process or thread. The handles have enough access to promote Everyone to SYSTEM/admin when the target is running under the LocalSystem or Administrator account. Works on: any MS Windows NT 4.0 or Windows 2000 SP before Mar-12-2002. Earlier NTs weren't tested...