
Explore Vulnerabilities


Explore all Exploits:

WordPress User Registration & Membership Plugin <= 4.1.1 - Unauthenticated Privilege Escalation

The WordPress User Registration & Membership Plugin version 4.1.1 and below allows unauthenticated users to escalate privileges. An attacker can exploit this vulnerability to gain unauthorized access and perform malicious actions.

Microsoft Windows 11 Pro 23H2 – Ancillary Function Driver for WinSock Privilege Escalation

The Ancillary Function Driver for WinSock in Microsoft Windows 11 Pro 23H2 allows local users to gain privileges via a crafted application, leading to privilege escalation. This vulnerability is identified as CVE-2024-38193.

InfluxDB OSS Operator Privilege Escalation via Business Logic Flaw

A business logic flaw in InfluxDB OSS allows users with a valid allAccess token to elevate their privileges to operator level by accessing current authorization tokens. This could lead to unauthorized access to the InfluxDB instance, compromising data confidentiality, integrity, and availability for users across different organizations.

Stored XSS Vulnerability in Nagios Log Server (Privilege Escalation to Admin)

A stored XSS vulnerability in Nagios Log Server 2024R1.3.1 allows a low-privileged user to inject malicious JavaScript into the 'email' field of their profile. When an administrator views the audit logs, the script executes, resulting in privilege escalation via unauthorized admin account creation. The vulnerability can be chained to achieve remote code execution (RCE) in certain configurations.

SureTriggers OttoKit Plugin 1.0.82 – Privilege Escalation

SureTriggers OttoKit Plugin version 1.0.82 and below is vulnerable to privilege escalation. By exploiting this vulnerability, an attacker can create an administrator account on the target WordPress site if the plugin is installed but uninitialized and the site exposes the REST API endpoint '/wp-json/sure-triggers/v1/automation/action'. The attacker can send a crafted HTTP POST request to achieve this.

Microsoft Windows 11 – Kernel Privilege Escalation

The exploit allows an attacker to escalate privileges on Microsoft Windows 11 systems by leveraging a vulnerability in the kernel. By manipulating IOCTL buffers and exploiting the SystemHandleInformation method, an attacker can gain elevated privileges on the target system. This vulnerability has been assigned CVE-2024-21338.

Recent Exploits: