CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52330 – Trend Micro Apex Central Cross-Site Scripting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52330
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46474
https://notcve.org/view.php?id=CVE-2023-46474
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. • https://github.com/Xn2/CVE-2023-46474 http://pmb.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29445 – Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
https://notcve.org/view.php?id=CVE-2023-29445
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities https://www.ptc.com/en/support/article/cs399528 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29444 – Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
https://notcve.org/view.php?id=CVE-2023-29444
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 https://www.ptc.com/en/support/article/cs399528 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52094 – Trend Micro Apex One Security Agent Updater Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52094
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-028 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •