121 matches found
Kangu para WooCommerce < 2.2.10 - Reflected XSS
Description The plugin does not sanitise and escape the etiqueta parameters before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
ASB-A-245135112
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Exploit for CVE-2023-20562
HITCON 2023 Demo CVE-2023-20562 Description This demonstra...
systemd 246 Local Root Privilege Escalation
Exploit Title: systemd 246 - Local Privilege Escalation Exploit Author: Iyaad Luqman K init6 Application: systemd 246 Tested on: Ubuntu 22.04 CVE: CVE-2023-26604 systemd 246 was discovered to contain Privilege Escalation vulnerability, when the systemctl status command can be run as root user. Th...
CVE-2023-3513 RazerCentralService Unsafe Deserialization Escalation of Privilege
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral =7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization...
CVE-2023-34116
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access...
CVE-2023-20658
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396...
CVE-2023-21000
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918...
Multiple e-plugins - Subscriber+ Privilege Escalation
The plugins, sold by the same developer e-plugins, do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...
Exploit for Improper Privilege Management in Sudo_Project Sudo
CVE-2023-22809 Ref: https://vulners.com/cve/CVE-2023-22809...
CVE-2022-20537
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is...
CVE-2022-20501
In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2022-4173
A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10...
CVE-2022-2385
A flaw was found in aws-iam-authenticator. This issue occurs when an allow-listed IAM identity may be able to modify their username and escalate privileges...
CVE-2022-2385 AccessKeyID validation bypass
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...
CVE-2022-20138
In ACTIONMANAGEDPROFILEPROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGEDPROFILEPROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2022-20192
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-27095
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level...
CVE-2022-20116
In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12...
CVE-2022-20094
In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734...