CVE-2023-44449 – NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-44449
NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. ... This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://kb.netgear.com/000065866/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2023-0114-PSV-2023-0115 https://www.zerodayinitiative.com/advisories/ZDI-23-1717 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-44796
https://notcve.org/view.php?id=CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. • https://github.com/Hebing123/CVE-2023-44796/issues/1 https://github.com/Hebing123/cve/issues/4 https://github.com/LimeSurvey/LimeSurvey/pull/3483 https://github.com/limesurvey/limesurvey/commit/135511073c51c332613dd7fad9a8ca0aad34a3fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-45794
https://notcve.org/view.php?id=CVE-2023-45794
A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. • https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf • CWE-294: Authentication Bypass by Capture-replay •
CVE-2023-6006 – Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-6006
This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de PaperCut NG. ... This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. ... This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.papercut.com/kb/Main/CommonSecurityQuestions https://www.papercut.com/kb/Main/Security-Bulletin-November-2023 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2023-47195 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-47195
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196. Una vulnerabilidad de validación de origen en el agente de seguridad Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1615 • CWE-346: Origin Validation Error •