Privilege Escalation

Privilege Escalation vulnerabilities allow an attacker to gain elevated access rights beyond their authorized level. This can enable unauthorized access to sensitive resources and system functions.

Total CVEs: 49

Typical Severity: HIGH

Category: General

Understanding Privilege Escalation

Detailed information about this vulnerability type.

How to Identify

  • Review security advisories
  • Perform regular security testing

Prevention Best Practices

  • Follow security best practices
  • Keep systems updated

Privilege Escalation CVEs (49)

Description | Vendor / Product | Exploit Status
CVE-2017-20218 8.5

This vulnerability allows a local attacker to run their own malicious code with higher privileges on a system by placing harmful files in a specific folder. It requires that the attacker has access to the system and can exploit weak permissions that let them replace important program files.

Unknown
Exploit Available
22 days ago (Mar 16, 2026)
CVE-2016-20034 8.7

This vulnerability allows an attacker with a read-only user account to gain full administrative access to the Wowza Streaming Engine by tricking the system into thinking they have higher privileges. The attacker simply needs to send a specially crafted request to the server, changing certain parameters to elevate their access level.

wowza / streaming engine
Theoretical
22 days ago (Mar 16, 2026)
CVE-2016-20033 8.5

This vulnerability allows an attacker with access to the Wowza Streaming Engine to replace important executable files with malicious ones, giving them the ability to run code with full system privileges when the services restart. The attacker can exploit this due to overly permissive file settings that let anyone modify these files.

wowza / streaming engine
Theoretical
22 days ago (Mar 16, 2026)
CVE-2016-20025 8.7

This vulnerability allows an attacker with an authenticated user account to gain higher privileges by replacing important program files with malicious versions. It occurs because the system incorrectly allows these users to modify executable files, which they shouldn't be able to do.

Unknown
Theoretical
22 days ago (Mar 16, 2026)
CVE-2016-20024 9.3

This vulnerability allows attackers to gain higher privileges by replacing important program files with their own malicious versions. It occurs because the files are set to be writable by anyone, meaning unprivileged users can modify them without restriction.

Unknown
Exploit Available
22 days ago (Mar 16, 2026)
CVE-2025-8766 6.4

An attacker can gain full root privileges within a vulnerable container by modifying the system's user file, allowing them to create a new user with administrative rights. This can happen if they can run commands inside the container and are part of the root group, taking advantage of a misconfigured file permission during the container's setup.

Unknown
Exploit Available
25 days ago (Mar 13, 2026)
CVE-2025-57849 6.4

An attacker can gain full root privileges within a vulnerable container by modifying the /etc/passwd file, allowing them to create a new user with root access. This can happen if they can run commands inside the container and are part of the root group, which is made possible by the way the container's files were set up during its creation.

Unknown
Exploit Available
25 days ago (Mar 13, 2026)
CVE-2025-12690 7.3

This vulnerability allows an attacker to gain higher-level access on a system running the Forcepoint NGFW Engine, potentially letting them execute unauthorized actions. To exploit this, the attacker must already have local access to the system, meaning they need to be physically present or have some form of legitimate access.

Unknown
Exploit Available
27 days ago (Mar 11, 2026)
CVE-2026-29773 4.3

An attacker with special permissions can exploit a flaw in Kubewarden to read sensitive information about Ingresses, Namespaces, and Services in a Kubernetes cluster. This requires the attacker to have been granted specific "AdmissionPolicy" create permissions, which are not typically given by default.

Unknown
Theoretical
28 days ago (Mar 10, 2026)
CVE-2026-30926 7.1

This vulnerability allows low-privilege users to modify existing notebook content in the SiYuan knowledge management system, even though they should only have read-only access. It occurs because the system doesn't properly check user permissions, enabling these users to add new content to documents through a specific API.

b3log / siyuan
Exploit Available
28 days ago (Mar 10, 2026)
CVE-2026-3038 7.5

This vulnerability allows an unprivileged user to crash the operating system by exploiting a flaw in the way routing information is handled, leading to a stack overflow. While the crash is a protective measure, it could potentially be bypassed by other vulnerabilities, allowing an attacker to gain higher privileges on the system.

Unknown
Exploit Available
29 days ago (Mar 9, 2026)
CVE-2026-30793 9.3

An attacker can exploit a security flaw in the RustDesk Client to trick users into changing their passwords without their consent, potentially giving the attacker access to the user's account. This vulnerability affects versions up to 1.4.5 on multiple platforms, and it requires the attacker to get the user to click on a malicious link.

Unknown
Exploit Available
about 1 month ago (Mar 5, 2026)
CVE-2026-27750 8.5

This vulnerability allows an attacker to trick a privileged service into deleting important system files by replacing a directory with a malicious link just before the deletion happens. To exploit this, the attacker needs local access to the system to create the link, which can lead to serious issues like crashing the system or gaining unauthorized control.

Unknown
Exploit Available
about 1 month ago (Mar 5, 2026)
CVE-2026-27748 8.5

This vulnerability allows an attacker to delete any file on the system with high-level permissions by tricking a software updater into following a malicious link. The attacker needs local access to the machine to create this link, which can lead to serious issues like crashing the system or compromising its integrity.

Unknown
Theoretical
about 1 month ago (Mar 5, 2026)
CVE-2026-1321 8.1

This vulnerability allows attackers to register for any membership level on a WordPress site, including those that should be inactive or require payment, potentially giving them high-level access like Administrator privileges. The attacker does not need to be logged in, making it easy for them to exploit this flaw if the site is using an affected version of the Membership Plugin.

Unknown
Exploit Available
about 1 month ago (Mar 5, 2026)
CVE-2026-2637 8.5

This vulnerability allows an attacker to gain root access on a Mac by exploiting a flaw in the iBoysoft NTFS software's helper service, which doesn’t require any authentication. To take advantage of this, the attacker must have local access to the machine running the affected version of the software.

Unknown
Exploit Available
about 1 month ago (Mar 3, 2026)
CVE-2025-15595 5.7

This vulnerability allows an attacker to gain higher privileges on a system by tricking it into loading a malicious file instead of a legitimate one when using Inno Setup version 6.2.1 or earlier. To exploit this, the attacker needs access to the same directory as the Inno Setup application, making it crucial for users to ensure their environments are secure from unauthorized access.

Unknown
Exploit Available
about 1 month ago (Mar 3, 2026)
CVE-2026-3223 8.4

This vulnerability allows an attacker to write files anywhere on a system and potentially gain higher access privileges by exploiting a flaw in how Google Web Designer handles zip files. To exploit this, the attacker needs to trick the software into processing a specially crafted zip file.

Unknown
Exploit Available
about 1 month ago (Feb 27, 2026)
CVE-2025-9907 6.7

This vulnerability allows an attacker to access sensitive client credentials and internal system details through a specific field when the event stream is in test mode. If an attacker has read access to the event stream, they could potentially see this sensitive information, leading to risks like privilege escalation or ongoing exposure of critical data.

Unknown
Exploit Available
about 1 month ago (Feb 27, 2026)
CVE-2025-12981 9.8

This vulnerability allows attackers to register as an Administrator on WordPress sites using the Listee theme, giving them full control over the site. It can be exploited by anyone, even without an account, by simply altering a specific registration parameter.

Unknown
Exploit Available
about 1 month ago (Feb 27, 2026)
Showing 1 to 20 of 49 results