CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-5334 254 +Priv 2018-01-08 2018-01-29
10.0
None Remote Low Not required Complete Complete Complete
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.
2 CVE-2015-9266 22 +Priv Dir. Trav. 2018-09-05 2021-08-12
10.0
None Remote Low Not required Complete Complete Complete
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
3 CVE-2016-6552 255 +Priv 2018-07-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.
4 CVE-2016-6553 255 +Priv 2018-07-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.
5 CVE-2016-6554 255 +Priv 2018-07-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.
6 CVE-2016-9498 502 Exec Code +Priv 2018-07-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.
7 CVE-2017-5802 +Priv 2018-02-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.
8 CVE-2017-7637 78 +Priv 2018-06-05 2018-07-12
10.0
None Remote Low Not required Complete Complete Complete
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
9 CVE-2017-7640 78 +Priv 2018-03-08 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges.
10 CVE-2017-8931 +Priv 2018-10-30 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
11 CVE-2017-13696 119 Overflow +Priv 2018-01-24 2018-02-13
10.0
None Remote Low Not required Complete Complete Complete
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.
12 CVE-2018-0125 20 DoS Exec Code +Priv 2018-02-08 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.
13 CVE-2018-0268 358 Exec Code +Priv Bypass 2018-05-17 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.
14 CVE-2018-6809 +Priv 2018-03-06 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
15 CVE-2018-7058 287 +Priv Bypass 2018-08-06 2018-10-18
10.0
None Remote Low Not required Complete Complete Complete
Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.
16 CVE-2018-9091 Exec Code +Priv Bypass 2018-05-25 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.
17 CVE-2018-10251 1188 Exec Code +Priv 2018-05-04 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
18 CVE-2018-17153 287 +Priv Bypass 2018-09-18 2018-12-18
10.0
None Remote Low Not required Complete Complete Complete
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
19 CVE-2018-0507 426 +Priv 2018-01-26 2018-02-13
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
20 CVE-2018-0543 426 +Priv 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
21 CVE-2018-0544 426 +Priv 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
22 CVE-2018-0561 426 +Priv 2018-04-16 2018-05-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
23 CVE-2018-0562 426 +Priv 2018-04-16 2018-05-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
24 CVE-2018-0563 426 +Priv 2018-06-26 2018-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
25 CVE-2018-0598 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
26 CVE-2018-0599 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
27 CVE-2018-0601 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
28 CVE-2018-0649 426 +Priv 2018-09-07 2018-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
29 CVE-2018-0692 426 +Priv 2018-11-15 2018-12-18
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
30 CVE-2018-6461 426 +Priv 2018-02-05 2018-03-13
9.3
None Remote Medium Not required Complete Complete Complete
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.
31 CVE-2018-9569 787 Exec Code +Priv 2018-12-07 2019-11-13
9.3
None Remote Medium Not required Complete Complete Complete
In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537.
32 CVE-2018-9577 787 Exec Code +Priv 2018-12-07 2019-11-13
9.3
None Remote Medium Not required Complete Complete Complete
In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937.
33 CVE-2018-10636 787 Exec Code Overflow +Priv 2018-08-13 2020-08-31
9.3
None Remote Medium Not required Complete Complete Complete
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
34 CVE-2018-14327 732 +Priv 2018-09-26 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
35 CVE-2014-5279 284 Exec Code +Priv 2018-02-06 2019-04-29
9.0
None Remote Low ??? Complete Complete Complete
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers.
36 CVE-2017-15043 20 Exec Code +Priv 2018-05-04 2018-06-13
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.
37 CVE-2018-0152 613 +Priv 2018-03-28 2019-12-03
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769.
38 CVE-2018-0432 78 +Priv 2018-10-05 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
39 CVE-2018-3758 434 +Priv 2018-06-07 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.
40 CVE-2018-6186 918 Exec Code +Priv 2018-02-01 2018-03-03
9.0
None Remote Low ??? Complete Complete Complete
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
41 CVE-2018-6677 22 +Priv Dir. Trav. 2018-07-23 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
42 CVE-2018-8007 20 Exec Code +Priv Bypass 2018-07-11 2019-05-13
9.0
None Remote Low ??? Complete Complete Complete
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.
43 CVE-2018-11062 798 +Priv 2018-11-02 2019-01-30
9.0
None Remote Low ??? Complete Complete Complete
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
44 CVE-2018-11769 Exec Code +Priv Bypass 2018-08-08 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.
45 CVE-2018-13801 269 +Priv 2018-10-10 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.
46 CVE-2018-16161 +Priv 2018-11-15 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.
47 CVE-2018-18555 78 +Priv 2018-12-17 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account.
48 CVE-2014-8421 264 +Priv 2018-04-12 2021-09-09
8.5
None Remote Medium ??? Complete Complete Complete
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
49 CVE-2017-0933 352 +Priv CSRF 2018-03-22 2019-10-09
8.5
None Remote Medium ??? Complete Complete Complete
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.
50 CVE-2018-13110 732 +Priv 2018-07-06 2019-10-03
8.5
None Remote Medium ??? Complete Complete Complete
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.
Total number of vulnerabilities : 247   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.