A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files.
9aa5ede2ea03c876775407f0098c013dfd3c503cc4ebb1ee7306284def339699
Debian Linux Security Advisory 2990-1 - It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
cc938fc7d54d51a015c06e68ed74d219f09c0baf6016e28dce18fb4e2629a93b
Ubuntu Security Notice 2293-1 - Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
d0afde3f652695a582f8f83010eff7e3e04b687512bd57083978cd1bcf5e8994
DCMTK versions prior to 3.6.1 suffer from a privilege escalation vulnerability.
e5daa4eb447688d47ee6554039d298426fdee9e6b9db86fd1833f9b82940238d
VMware Security Advisory 2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.2.
e972c0cc520f6f97e817bb5a4e0c24d662b8d2bc490df7d7c6495823d655fb56
This Metasploit module takes advantage of three separate vulnerabilities in order to read an arbitrary text file from the file system with the privileges of the web server. You must be authenticated, but can be unprivileged since a privilege escalation vulnerability is used. Tested against HP Release Control 9.20.0000, Build 395 installed with demo data. The first vulnerability allows an unprivileged authenticated user to list the current users, their IDs, and even their password hashes. Can't login with hashes, but the ID is useful in the second vulnerability. When a user changes their password, they post the ID of the user who is going to have their password changed. Just replace it with the admin ID and you change the admin password. You are now admin. The third vulnerability is an XXE in the dashboard XML import mechanism. This is what allows you to read the file from the file system. This Metasploit module is super ghetto half because it was an AMF application, half because I worked on it longer than I wanted to.
32678ccb2a4454a4f3176a572bfd08436712de26dce1cdfb8b2986d281d3c14e
F5 BIG-IQ version 4.1.0.2013.0 is vulnerable to a privilege escalation attack which allows an attacker to change the root users password. This Metasploit module does just this, then SSH's in.
e88c2fdbf6780b151994d9da095dd2c28aa8321d1b27ae806082f64775e233a7
Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 and Cordova In-App-Browser iOS standalone plugin (org.apache.cordova.inappbrowser) versions 0.1.0 to 0.3.1 suffer from a privilege escalation vulnerability.
46f9762d77c27f4579740acc749cf9bbfa02d036bfb37b414990a0d228c44bb4
MICROSENS Profi Line Modular Industrial Switch Web Manager version 10.3.1 suffers from a privilege escalation vulnerability.
a0ae9096d79c1c275cffec3bdc2deea7b44431121dc864efe994e588286bebca
WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability.
fa0ee4897fffef374ba31d9600f656b4b67d282b9dee8e74e5f06db89ccd0ac0
A privilege escalation vulnerability was discovered in gostorego.com that allowed a remote, unauthenticated attacker the ability to create an administrative user.
fd4a8bf76717b3109d12eccb9649183d623437e3a934794546f17e7fd08872d2
This Metasploit module exploits a privilege escalation issue in Android versions prior 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs exposed by the Interface and execute arbitrary commands. Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP connection, or if you can get a persistent XSS into the page displayed in the WebView, then you can inject the html/js served by this module and get a shell. Note: Adding a .js to the URL will return plain javascript (no HTML markup).
dbb32d05e01054ebc7b29568cea429ebb06111292c8c20ba817f8d844646e5ff
Asterisk Project Security Advisory - External control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dial-plan functions. Dial-plan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain dial-plan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation.
d023c90a325ba8f94bb3cf31d665ef950f78277c35b78413f1a2879e54fbf60b
VMware Security Advisory 2013-0014 - VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.
8f9cff72a0ccf5698417351f83db26499274ced107b280c2dbb84eec5ebddcb1
Mandriva Linux Security Advisory 2013-244 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation. The updated packages have been patched to correct this issue.
af7482beeb30b5336944896057c8df7f6c9b5cb4480241b35162b432c91c28d1
Debian Linux Security Advisory 2765-1 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation.
3903ec4ccc79432967878e89f87d6fdeefddcd86cea4d6f09148d0d4af7e6b8b
Debian Linux Security Advisory 2743-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak.
569d8b0cda13d3a73e841bf15e6cefd040a645974771d3bc8fc7fc5adeea0929
VMware Security Advisory 2013-0010 - VMware Workstation and VMware Player address a vulnerability in the vmware-mount component which could result in a privilege escalation on linux-based host machines.
75310092496198f08a5f8a13a612852a0938bbfbb7b8f5a1b4e025180516c7f1
Novell Client 2 SP3 suffers from a privilege escalation vulnerability.
90372d883442b6991b9af375b8d05bbaa5c31c066b8a21018779b94badc3881d
Et-Chat version 3.07 suffers from a privilege escalation vulnerability that then enables a user to upload a shell.
0e5c91de166e96816038a7f98567514c202036f0f1912a66b14cb371c8775dc2
Debian Linux Security Advisory 2694-1 - A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website.
fc4a611833f0a5eb9fe705374c4e9db33905e8cf726ffbe494a50eadf1b5b633
Avira Personal appears to suffer from a privilege escalation vulnerability.
eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8a
Ubuntu Security Notice 1815-1 - Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. Andy Lutomirski discovered a privilege escalation in the Linux kernel's user namespaces. A local user could exploit the flaw to gain administrative privileges.
d7e3f35ae144f5755ed1c27567bd8f421a30bbc3f32a069ad759830fde991224
SAP Production Planning and Control suffers from a privilege escalation vulnerability. This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing it to obtain critical rights in the system and bypassing certain segregation of duties (SoD) restrictions.
eff7e22f57554cfb6fb76dc4a0134bc770589d4294f8621e081e553afee5d7da
Mandriva Linux Security Advisory 2013-071 - A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender, when the NameOwnerChanged signal was received. A local attacker could use this flaw to escalate their privileges.
38a7f795c9dbf85c8c9f40f7bee0e1c36b4f7c15067e9d63187d3ea2d1ae392a
Symantec Enterprise Security Management versions 10.x and below suffer from a privilege escalation vulnerability.
c443df4d121433a3485da2ff9539b52207d42460b04ff347a8310a636a91ccbc