CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21606 – Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
https://notcve.org/view.php?id=CVE-2025-21606
17 Jan 2025 — stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` comm... • https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18291
https://notcve.org/view.php?id=CVE-2017-18291
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro GET user. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18288
https://notcve.org/view.php?id=CVE-2017-18288
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro GET game. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18287
https://notcve.org/view.php?id=CVE-2017-18287
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro POST user_search. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18290
https://notcve.org/view.php?id=CVE-2017-18290
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro GET sort_direction. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18289
https://notcve.org/view.php?id=CVE-2017-18289
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro GET type. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •