Exploit for Improper Privilege Management in Microsoft

MiniPlasma Detection CVE-2020-17103 Sigma detection rule fo...

EUVD-2026-27836

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM...

EUVD-2026-23116

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...

CVE-2026-22676 Barracuda RMM < 2025.2.2 Privilege Escalation via Insecure Directory Permissions

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...

EUVD-2018-2280

Malware in sbrugna...

EUVD-2018-17316

Malware in sbrugna...

EUVD-2016-10291

Malware in sbrugna...

EUVD-2020-22012

Malware in sbrugna...

EUVD-2020-6071

Malware in sbrugna...

EUVD-2022-28783

Malicious code in bioql PyPI...

EUVD-2023-55688

Malicious code in bioql PyPI...

EUVD-2025-22321

Malicious code in bioql PyPI...

CVE-2025-57625

CYRISMA Sensor for Windows versions before 444 contains an insecure folder and file permissions flaw that lets a low-privilege user replace DataSpotliteAgent.exe (or other binaries invoked by the Cyrisma_Agent service at startup) and escalate to NT AUTHORITY\SYSTEM, enabling arbitrary code execut...

CVE-2025-58323

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks...

CVE-2025-58323

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks...

CVE-2025-34143

An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...

ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload

This module exploits a path traversal vulnerability CVE-2023-27855 in ThinManager use auxiliary/admin/networking/thinmanagertraversalupload msf auxiliarythinmanagertraversalupload show actions ...actions... msf auxiliarythinmanagertraversalupload set ACTION msf auxiliarythinmanagertraversalupload...

CVE-2020-13860

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password...

Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)

Remote Code Execution in Samsung MagicINFO 9 Server use exploit/windows/http/magicinfotraversal msf exploitmagicinfotraversal show targets ...targets... msf exploitmagicinfotraversal set TARGET msf exploitmagicinfotraversal show options ...show and set options... msf exploitmagicinfotraversal...

CVE-2025-1095

IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation LPE. The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a l...