CVE-2023-38721 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-38721
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262173 https://www.ibm.com/support/pages/node/7023423 • CWE-269: Improper Privilege Management •
CVE-2023-3160 – Local privilege escalation in security products for Windows
https://notcve.org/view.php?id=CVE-2023-3160
This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/en/ca8466 • CWE-269: Improper Privilege Management •
CVE-2020-36082
https://notcve.org/view.php?id=CVE-2020-36082
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. • https://github.com/alexlang24/bloofoxCMS/issues/7 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-29378
https://notcve.org/view.php?id=CVE-2021-29378
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. • https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DIEC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-23595
https://notcve.org/view.php?id=CVE-2020-23595
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. • https://github.com/yzmcms/yzmcms/issues/47 • CWE-352: Cross-Site Request Forgery (CSRF) •