RDPGuard 9.9.9 allows privilege escalation by executing arbitrary code via a crafted .bat file in the Tools > Custom Actions / Notifications menu, leading to a reverse shell as NT AUTHORITY\SYSTEM.
The exploit leverages a privilege escalation vulnerability in VirtualBox version 7.0.16. By exploiting this vulnerability, an attacker could elevate their privileges on the target system. The vulnerability is identified as CVE-2024-21111.
The WordPress Frontend Login and Registration Blocks Plugin version 1.0.7 allows attackers to escalate privileges by exploiting a vulnerability in the 'flrblocksusersettingsupdatehandle' action. This can lead to unauthorized changes in user settings.
The Ancillary Function Driver for WinSock in Microsoft Windows 11 Pro 23H2 allows local users to gain privileges via a crafted application, leading to privilege escalation. This vulnerability is identified as CVE-2024-38193.
A business logic flaw in InfluxDB OSS allows users with a valid allAccess token to elevate their privileges to operator level by accessing current authorization tokens. This could lead to unauthorized access to the InfluxDB instance, compromising data confidentiality, integrity, and availability for users across different organizations.
A stored XSS vulnerability in Nagios Log Server 2024R1.3.1 allows a low-privileged user to inject malicious JavaScript into the 'email' field of their profile. When an administrator views the audit logs, the script executes, resulting in privilege escalation via unauthorized admin account creation. The vulnerability can be chained to achieve remote code execution (RCE) in certain configurations.
SureTriggers OttoKit Plugin version 1.0.82 and below is vulnerable to privilege escalation. By exploiting this vulnerability, an attacker can create an administrator account on the target WordPress site if the plugin is installed but uninitialized, and the site displays the REST API endpoint '/wp-json/sure-triggers/v1/automation/action'. The attacker can send a crafted HTTP POST request to achieve this.
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 are vulnerable to privilege escalation. This is due to improper ACLs of the non-default installation directory. An attacker with local access could exploit this by replacing binaries in the installation directory, allowing them to execute arbitrary commands and potentially gain elevated privileges on the system.
The MinIO software before the version RELEASE.2024-01-31T20-20-33Z allows privilege escalation. An attacker can exploit this vulnerability to gain unauthorized access to higher levels of privilege.
LaborOfficeFree software installs a MySQL instance running as SYSTEM, where the MySQL root password is calculated based on constants. The program uses a reverse algorithm to calculate the root password each time it needs to connect to MySQL as root. This vulnerability affects version 19.10, but potentially also impacts versions prior to 19.10.
Services By CQR