543 matches found
CVE-2025-58323
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks...
CVE-2025-58323
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks...
PT-2025-35173
Name of the Vulnerable Software and Affected Versions: NAVER MYBOX Explorer for Windows versions prior to 3.0.8.133 Description: NAVER MYBOX Explorer for Windows is susceptible to a local privilege escalation issue. A local attacker can elevate privileges to NT AUTHORITYSYSTEM by executing...
CVE-2025-58322
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks...
CVE-2025-58322
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks...
PT-2025-34971
Name of the Vulnerable Software and Affected Versions: NAVER MYBOX Explorer for Windows versions prior to 3.0.8.133 Description: NAVER MYBOX Explorer for Windows is susceptible to local privilege escalation. A local attacker can execute arbitrary commands and escalate privileges to NT...
CVE-2025-55627
Insufficient privilege verification in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.46622503122283 allows authenticated attackers to create accounts with elevated privileges...
GLPI Privilege License and Access Control Issues Vulnerability (CNVD-2025-17791)
GLPI is a free asset and IT management software suite that provides ITIL service desk functionality, license tracking and software auditing. A security vulnerability exists in GLPI versions 9.1.0 through 10.0.18, which stems from a failure to perform privilege checks on specific resource deletion...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed for Mac computers by Apple, Inc. A security vulnerability exists in Apple macOS that stems from insufficient privilege checking and could lead to accessing sensitive user data. The following products and versions are affected: macOS Sonoma...
GLPI 安全漏洞
GLPI is a free asset and IT management software suite that provides ITIL service desk functionality, license tracking and software auditing. A security vulnerability exists in GLPI versions 9.1.0 through 10.0.18, which stems from a failure to perform privilege checks on specific resource deletion...
OSCP
OSCP Hello world! This repo contain some of the scripts, exploits, and documents made during my OSCP journey. The list include but not limited to the following: LinuxPrivCheck.sh Yes, there are far better scripts out there, However this one has less output to go thru and it has colors. Think basi...
WordPress plugin GiveWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-20324
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and sho...
CVE-2023-0328
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete...
CVE-2023-0405
The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts...
CVE-2023-3209
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both...
CVE-2022-4004
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...
CVE-2020-8145
The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...
CVE-2019-19802
In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...
Google Android elevation of privilege vulnerability (CNVD-2025-07522)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which stems from the program's failure to perform privilege checks, and can be exploited by an attacker to gain privileges and elevate privileges without...