CVE-2024-28589
https://notcve.org/view.php?id=CVE-2024-28589
An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization. • https://github.com/Alaatk/CVE-2024-28589 https://www.axigen.com/knowledgebase/Local-Privilege-Escalation-Vulnerability-on-Axigen-for-Windows-CVE-2024-28589-_402.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-31012
https://notcve.org/view.php?id=CVE-2024-31012
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. • https://github.com/ss122-0ss/semcmsv4.8/blob/main/readme.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-6154 – Local privilege escalation in Bitdefender Total Security (VA-11168)
https://notcve.org/view.php?id=CVE-2023-6154
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. Un problema de configuración en seccenter.exe tal como se usa en Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free permite a un atacante cambiar el comportamiento esperado del producto y potencialmente cargar una librería de terceros durante la ejecución. Este problema afecta a Total Security: 27.0.25.114; Seguridad de Internet: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus gratuito: 27.0.25.114. • https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168 • CWE-15: External Control of System or Configuration Setting •
CVE-2024-2658 – Flexera Software FlexNet Publisher Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-2658
This vulnerability allows local attackers to escalate privileges on affected installations of Flexera Software FlexNet Publisher. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. •
CVE-2024-29667
https://notcve.org/view.php?id=CVE-2024-29667
., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. • https://github.com/whgojp/cve-reports/wiki/CMSV6-vehicle-monitoring-platform-system-SQL-injection • CWE-269: Improper Privilege Management •