CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2018(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000133 269 +Priv 2018-03-16 2019-10-03
6.0
None Remote Medium ??? Partial Partial Partial
Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the "System Administrator" permission to "yes" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2.
2 CVE-2018-7738 +Priv 2018-03-07 2020-09-25
7.2
None Local Low Not required Complete Complete Complete
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
3 CVE-2018-7229 798 +Priv Bypass 2018-03-09 2018-03-27
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.
4 CVE-2018-6809 +Priv 2018-03-06 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
5 CVE-2018-6400 DoS +Priv 2018-03-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group.
6 CVE-2018-6322 DoS +Priv 2018-03-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.
7 CVE-2018-6321 428 +Priv 2018-03-12 2018-04-10
4.6
None Local Low Not required Partial Partial Partial
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
8 CVE-2018-6183 DoS +Priv 2018-03-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group.
9 CVE-2018-6016 428 +Priv 2018-03-12 2018-04-11
4.6
None Local Low Not required Partial Partial Partial
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.
10 CVE-2018-5472 Exec Code +Priv 2018-03-26 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
11 CVE-2018-5468 Exec Code +Priv 2018-03-26 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code
12 CVE-2018-1386 732 +Priv 2018-03-14 2021-06-07
6.9
None Local Medium Not required Complete Complete Complete
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208.
13 CVE-2018-1206 798 +Priv 2018-03-12 2018-04-13
7.2
None Local Low Not required Complete Complete Complete
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account.
14 CVE-2018-1197 732 +Priv 2018-03-19 2019-10-03
6.0
None Remote Medium ??? Partial Partial Partial
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.
15 CVE-2018-0552 426 +Priv 2018-03-22 2018-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
16 CVE-2018-0544 426 +Priv 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
17 CVE-2018-0543 426 +Priv 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
18 CVE-2018-0540 426 +Priv 2018-03-22 2018-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
19 CVE-2018-0213 20 +Priv 2018-03-08 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to gain elevated privileges to access functionality that should be restricted. The attacker must have valid user credentials to the device to exploit this vulnerability. Cisco Bug IDs: CSCvf69753.
20 CVE-2018-0193 78 Exec Code +Priv 2018-03-28 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.
21 CVE-2018-0185 78 Exec Code +Priv 2018-03-28 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.
22 CVE-2018-0184 78 Exec Code +Priv 2018-03-28 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432.
23 CVE-2018-0183 78 Exec Code +Priv 2018-03-28 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356.
24 CVE-2018-0182 78 Exec Code +Priv 2018-03-28 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.
25 CVE-2018-0176 78 Exec Code +Priv 2018-03-28 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370.
26 CVE-2018-0169 78 Exec Code +Priv 2018-03-28 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370.
27 CVE-2018-0152 613 +Priv 2018-03-28 2019-12-03
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769.
28 CVE-2018-0141 798 +Priv 2018-03-08 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982.
29 CVE-2017-18225 732 +Priv 2018-03-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
30 CVE-2017-8013 798 +Priv 2018-03-16 2018-04-13
7.5
None Remote Low Not required Partial Partial Partial
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).
31 CVE-2017-7640 78 +Priv 2018-03-08 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges.
32 CVE-2017-0933 352 +Priv CSRF 2018-03-22 2019-10-09
8.5
None Remote Medium ??? Complete Complete Complete
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.
33 CVE-2015-7967 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
34 CVE-2015-7966 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965.
35 CVE-2015-7965 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966.
36 CVE-2015-7964 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
37 CVE-2015-7963 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
38 CVE-2015-7962 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
39 CVE-2015-7961 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
40 CVE-2015-7598 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
41 CVE-2015-7597 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
42 CVE-2015-7596 264 +Priv 2018-03-02 2018-03-17
4.6
None Local Low Not required Partial Partial Partial
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
43 CVE-2015-7440 264 +Priv 2018-03-15 2018-04-11
4.6
None Local Low Not required Partial Partial Partial
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098.
44 CVE-2014-7272 264 +Priv 2018-03-08 2018-03-27
7.2
None Local Low Not required Complete Complete Complete
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
45 CVE-2014-5443 264 +Priv 2018-03-19 2018-04-20
4.6
None Local Low Not required Partial Partial Partial
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
46 CVE-2014-1215 119 Overflow +Priv 2018-03-20 2018-10-09
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry.
Total number of vulnerabilities : 46   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.