Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-20080 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper pri...Show more A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20079 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical was found in Hindu Matrimonial Script. Affected by this vulnerability is an unknown functionality of the file /admin/photo.php. The manipulation leads to improper privilege manageme...Show more A vulnerability classified as critical was found in Hindu Matrimonial Script. Affected by this vulnerability is an unknown functionality of the file /admin/photo.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20078 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible...Show more A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20077 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. This issue affects some unknown processing of the file /admin/success_story.php. The manipulation leads to improper privilege manageme...Show more A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. This issue affects some unknown processing of the file /admin/success_story.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20076 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management....Show more A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20075 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possi...Show more A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20074 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege mana...Show more A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20073 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege m...Show more A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20072 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. I...Show more A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20071 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege ma...Show more A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20070 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. T...Show more A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20069 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is pos...Show more A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2017-20068 1Hindu Matrimonial Script Project 1Hindu Matrimonial Script Nov 21, 2024 Jun 21, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privile...Show more A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2022-1823 1Mcafee 1Consumer Product Removal Tool Nov 21, 2024 Jun 20, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. Thi...Show more Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file.Show less
CVE-2022-26668 1Asus 1Control Center Nov 21, 2024 Jun 20, 2022 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.
CVE-2017-20063 1Elefantcms 1Elefant Cms Nov 21, 2024 Jun 20, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to imprope...Show more A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.Show less
CVE-2022-2023 1Trudesk Project 1Trudesk Nov 21, 2024 Jun 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2022-34006 1Southrivertech 1Titan Ftp Server Nextgen Nov 21, 2024 Jun 19, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus ena...Show more An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.Show less
CVE-2020-36549 1Ge 1Voluson S8 Firmware Nov 21, 2024 Jun 17, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is requi...Show more A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed.Show less
CVE-2018-25044 1Bittorrent 1Utorrent Nov 21, 2024 Jun 17, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be...Show more A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.Show less

Previous 1...798081...139 Next