| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application. |
| Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. |
| Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions.
This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00. |
| Permission control vulnerability in the Wi-Fi module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the Gallery app
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Input parameter verification vulnerability in the background service module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1. |
| Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3. |
| A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.
This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device. |
| A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names. |
| A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component. |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges. |
| Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through 1.0.1. |
| : Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5. |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1. |
| A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device. |
| : Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0. |
| Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows |
