The WordPress User Role Editor plugin prior to v4.25, is lacking an authorization check within its update user profile functionality ("update" function, contained within the "class-user-other-roles.php" module). Instead of verifying whether the current user has the right to edit other users' profiles ("edit_users" WP capability), the vulnerable function verifies whether the current user has the rights to edit the user ("edit_user" WP function) specified by the supplied user id ("user_id" variable/HTTP POST parameter). Since the supplied user id is the current user's id, this check is always bypassed (i.e. the current user is always allowed to modify its profile). This vulnerability allows an authenticated user to add arbitrary User Role Editor roles to its profile, by specifying them via the "ure_other_roles" parameter within the HTTP POST request to the "profile.php" module (issued when "Update Profile" is clicked). By default, this module grants the specified WP user all administrative privileges, existing within the context of the User Role Editor plugin.
86dde6c9282f9f7fb3fc66f8f29e9d2f98fa12526e58142988e5f83d173bd04c
Microsoft Windows x86 NDISTAPI privilege escalation exploit that leverages the vulnerability outlined in MS11-062.
fd44381a9fc5685d9a01998dfd8619f8fcf75a3a8c328dc5d068b277cf421391
Windows x86 afd.sys privilege escalation exploit that leverages the issue outlined in MS11-046.
db373fd42b1c54d05f5950ab5e52c93d6d4295fd00339cb1fe9ad414a9034018
NDPROXY is a system-provided driver that interfaces WAN miniport drivers, call managers, and miniport call managers to the Telephony Application Programming Interfaces (TAPI) services. The vulnerability is caused when the NDProxy.sys kernel component fails to properly validate input. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode (i.e. with SYSTEM privileges).
10347041ea74c6b447143df9dd4aa3555e238a1fcca1ba360cd0d9e113076d9d