CVE-2024-30977
https://notcve.org/view.php?id=CVE-2024-30977
An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. • http://www.secnet.cn/newsdetail/388.html https://github.com/wodi98k/zip_crack/blob/main/SecnetAC.pdf • CWE-269: Improper Privilege Management •
CVE-2024-27981
https://notcve.org/view.php?id=CVE-2024-27981
A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier). Mitigation: Update UniFi Network Application to Version 8.1.113 or later. • https://community.ui.com/releases/Security-Advisory-Bulletin-038-038/9d13fead-47de-4372-b2c1-745b8d6b0399 •
CVE-2020-25730
https://notcve.org/view.php?id=CVE-2020-25730
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the PHP_SELF component in classic/views/download.php. • https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-27518 – SUPERAntiSpyware Professional X 10.0.1264 DLL Hijacking / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-27518
An issue in SUPERAntiSpyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder. • https://github.com/secunnix/CVE-2024-27518 https://www.superantispyware.com https://www.youtube.com/watch?v=FM5XlZPdvdo • CWE-269: Improper Privilege Management •
CVE-2024-28589
https://notcve.org/view.php?id=CVE-2024-28589
An issue discovered in Axigen Mail Server for Windows versions 10.5.18 and before allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization. • https://github.com/Alaatk/CVE-2024-28589 https://www.axigen.com/knowledgebase/Local-Privilege-Escalation-Vulnerability-on-Axigen-for-Windows-CVE-2024-28589-_402.html • CWE-732: Incorrect Permission Assignment for Critical Resource •