CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000133 264 +Priv 2018-03-16 2018-04-10
6.0
None Remote Medium Single system Partial Partial Partial
Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the "System Administrator" permission to "yes" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2.
2 CVE-2018-19966 DoS +Priv 2018-12-07 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.
3 CVE-2018-19963 DoS +Priv 2018-12-07 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
4 CVE-2018-19962 +Priv 2018-12-07 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
5 CVE-2018-19961 +Priv 2018-12-07 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
6 CVE-2018-19114 +Priv 2018-11-08 2018-11-08
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen.
7 CVE-2018-18810 +Priv 2018-12-11 2018-12-11
0.0
None ??? ??? ??? ??? ??? ???
The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0.
8 CVE-2018-18519 +Priv 2018-11-19 2018-11-19
0.0
None ??? ??? ??? ??? ??? ???
BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.
9 CVE-2018-18093 +Priv 2018-12-13 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.
10 CVE-2018-17980 Exec Code +Priv 2018-10-15 2018-10-17
0.0
None ??? ??? ??? ??? ??? ???
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).
11 CVE-2018-17894 798 +Priv 2018-10-12 2018-11-27
7.5
None Remote Low Not required Partial Partial Partial
NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.
12 CVE-2018-17776 +Priv 2018-09-28 2018-10-08
0.0
None ??? ??? ??? ??? ??? ???
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
13 CVE-2018-17775 +Priv 2018-10-08 2018-10-11
0.0
None ??? ??? ??? ??? ??? ???
Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
14 CVE-2018-17182 416 Overflow +Priv 2018-09-19 2018-11-28
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
15 CVE-2018-17153 +Priv Bypass 2018-09-18 2018-09-22
0.0
None ??? ??? ??? ??? ??? ???
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
16 CVE-2018-16861 Exec Code +Priv XSS CSRF 2018-12-07 2018-12-07
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.
17 CVE-2018-16161 264 +Priv 2018-11-15 2018-12-13
9.0
None Remote Low Single system Complete Complete Complete
OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.
18 CVE-2018-15774 +Priv 2018-12-13 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
19 CVE-2018-15761 +Priv 2018-11-19 2018-11-19
0.0
None ??? ??? ??? ??? ??? ???
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
20 CVE-2018-15718 +Priv 2018-12-12 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.
21 CVE-2018-15611 +Priv 2018-09-27 2018-09-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.
22 CVE-2018-15537 Exec Code +Priv 2018-11-29 2018-11-29
0.0
None ??? ??? ??? ??? ??? ???
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
23 CVE-2018-15441 89 Exec Code +Priv Sql 2018-11-28 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.
24 CVE-2018-15402 +Priv CSRF 2018-10-17 2018-10-18
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information.
25 CVE-2018-15395 +Priv 2018-10-17 2018-10-23
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances.
26 CVE-2018-15394 +Priv Bypass 2018-11-08 2018-11-09
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.
27 CVE-2018-15368 20 Exec Code +Priv 2018-10-05 2018-11-26
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device.
28 CVE-2018-14857 434 Exec Code +Priv 2018-08-06 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
29 CVE-2018-14850 79 +Priv XSS 2018-08-13 2018-10-10
3.5
None Remote Medium Single system None Partial None
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
30 CVE-2018-14825 +Priv +Info 2018-09-24 2018-11-01
0.0
None ??? ??? ??? ??? ??? ???
On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.
31 CVE-2018-14678 264 DoS +Priv 2018-07-28 2018-10-04
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.
32 CVE-2018-14533 264 +Priv 2018-07-31 2018-10-05
7.2
None Local Low Not required Complete Complete Complete
read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.
33 CVE-2018-14327 +Priv 2018-09-26 2018-09-29
0.0
None ??? ??? ??? ??? ??? ???
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
34 CVE-2018-13801 +Priv 2018-10-10 2018-10-12
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.
35 CVE-2018-13409 79 +Priv XSS 2018-07-06 2018-08-23
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.
36 CVE-2018-13408 79 +Priv XSS 2018-07-06 2018-08-23
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.
37 CVE-2018-13110 264 +Priv 2018-07-06 2018-10-09
8.5
None Remote Medium Single system Complete Complete Complete
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.
38 CVE-2018-12989 264 +Priv 2018-08-03 2018-10-17
7.2
None Local Low Not required Complete Complete Complete
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
39 CVE-2018-11769 264 Exec Code +Priv Bypass 2018-08-08 2018-12-16
9.0
None Remote Low Single system Complete Complete Complete
CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.
40 CVE-2018-11334 254 DoS +Priv 2018-05-23 2018-06-26
4.6
None Local Low Not required Partial Partial Partial
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.
41 CVE-2018-11062 +Priv 2018-11-02 2018-11-03
0.0
None ??? ??? ??? ??? ??? ???
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
42 CVE-2018-11051 22 +Priv Dir. Trav. 2018-07-03 2018-09-05
5.0
None Remote Low Not required Partial None None
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
43 CVE-2018-10982 264 DoS +Priv 2018-05-10 2018-10-31
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.
44 CVE-2018-10931 749 +Priv 2018-08-09 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.
45 CVE-2018-10902 415 +Priv 2018-08-21 2018-11-01
4.6
None Local Low Not required Partial Partial Partial
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
46 CVE-2018-10636 119 Exec Code Overflow +Priv 2018-08-13 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
47 CVE-2018-10598 125 Exec Code +Priv 2018-08-13 2018-10-15
5.8
None Remote Medium Not required Partial None Partial
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
48 CVE-2018-10361 264 +Priv 2018-04-25 2018-06-04
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.
49 CVE-2018-10251 264 Exec Code +Priv 2018-05-04 2018-06-13
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
50 CVE-2018-9577 Exec Code +Priv 2018-12-07 2018-12-07
0.0
None ??? ??? ??? ??? ??? ???
In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937.
Total number of vulnerabilities : 245   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.