
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629 https://docs.rapid7.com/release-notes/insightagent/20211210 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. • https://discuss.elastic.co/t/apm-java-agent-security-update/289627 • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. • http://www.popsy.com/Documents/Setups/Setup.Allegro.3.3.4154.2.exe https://excellium-services.com/cert-xlm-advisory/CVE-2021-42110 •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

This vulnerability allows attackers to escalate privileges. • https://gist.github.com/stacksmasher007/76514ab2b782fb4383f1121e6fc19241 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie UID. • https://confluence.topease.ch/confluence/display/DOC/Release+Notes • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •