CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2005 – Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2005
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2023-21 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-36345
https://notcve.org/view.php?id=CVE-2023-36345
A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. • https://youtu.be/KxjsEqNWU9E https://yuyudhn.github.io/pos-codekop-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3256 – Advantech R-SeeNet External Control of File Name or Path
https://notcve.org/view.php?id=CVE-2023-3256
This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45287
https://notcve.org/view.php?id=CVE-2022-45287
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. • http://cwx.com http://temenos.com https://github.com/WhiteBearVN/CWX-Registration-Broken-Access-Control/blob/main/README.md •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21252
https://notcve.org/view.php?id=CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. • https://github.com/Neeke/HongCMS/issues/13 • CWE-352: Cross-Site Request Forgery (CSRF) •