CVE-2023-27347 – G DATA Total Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27347
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-379 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-19279
https://notcve.org/view.php?id=CVE-2020-19279
Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links. • https://github.com/advisories/GHSA-g277-4m9p-49hv https://github.com/b3log/wide/issues/355 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-27091
https://notcve.org/view.php?id=CVE-2023-27091
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). • https://gitee.com/xiaobingby/TeaCMS/issues/I6GDRU https://gitee.com/xiaobingby/TeaCMS/issues/I6SXAF • CWE-287: Improper Authentication •
CVE-2021-28235 – etcd: Information disclosure via debug function
https://notcve.org/view.php?id=CVE-2021-28235
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. A flaw was found in etcd, where etcd-io could allow a remote attacker to gain elevated privileges on the system due to a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. • http://etcd.com https://github.com/etcd-io/etcd https://github.com/etcd-io/etcd/pull/15648 https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png https://access.redhat.com/security/cve/CVE-2021-28235 https://bugzilla.redhat.com/show_bug.cgi?id=2184441 • CWE-287: Improper Authentication •
CVE-2023-26858
https://notcve.org/view.php?id=CVE-2023-26858
SQL injection vulnerability found in PrestaShop faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. • https://addons.prestashop.com/en/faq-frequently-asked-questions/16036-frequently-asked-questions-faq-page.html https://friends-of-presta.github.io/security-advisories/modules/2023/03/28/faqs.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •