bwatters-r7

33 exploits, active since May 2018
CVE-2019-1322 EXPLOITDB HIGH ruby WORKING POC
Windows - Privilege Escalation
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
CVSS 7.8
CVE-2021-35464 METASPLOIT CRITICAL ruby WORKING POC
ForgeRock AM < 7.0 - Code Injection
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier.
CVSS 9.8
CVE-2023-38836 METASPLOIT HIGH ruby WORKING POC
BoidCMS Command Injection
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
CVSS 8.8
CVE-2023-34362 METASPLOIT CRITICAL ruby WORKING POC
MOVEit SQL Injection vulnerability
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
CVSS 9.8
CVE-2024-30085 METASPLOIT HIGH ruby WORKING POC
Windows Cloud Files Mini Filter Driver - Privilege Escalation
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2020-0668 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows 10 - Incorrect Permission Assignment
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.
CVSS 7.8
CVE-2018-8440 METASPLOIT HIGH ruby WORKING POC
Windows - Privilege Escalation
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS 7.8
CVE-2019-1405 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows 10 1507 - Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
CVSS 7.8
CVE-2023-36874 METASPLOIT HIGH ruby WORKING POC
Windows Error Reporting Service - Privilege Escalation
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2020-1337 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows 10 - TOCTOU Race Condition
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
CVSS 7.8
CVE-2019-15752 METASPLOIT HIGH ruby WORKING POC
Docker < 2.1.0.1 - Incorrect Permission Assignment
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
CVSS 7.8
CVE-2020-1048 METASPLOIT HIGH ruby WORKING POC
Microsoft Spooler Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
CVSS 7.8
CVE-2018-8897 METASPLOIT HIGH ruby WORKING POC
Intel 64 and IA-32 Architectures - Privilege Escalation
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
CVSS 7.8
CVE-2020-1313 METASPLOIT HIGH ruby WORKING POC
Windows Update Orchestrator Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.
CVSS 7.8
CVE-2022-30190 METASPLOIT HIGH ruby WORKING POC
Microsoft Office Word MSDTJS
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
CVSS 7.8
CVE-2023-38146 METASPLOIT HIGH ruby WORKING POC
Themebleed - Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability
CVSS 8.8
CVE-2023-34634 METASPLOIT HIGH ruby WORKING POC
Greenshot < 1.2.10 - Code Injection
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.
CVSS 7.8
CVE-2023-32629 METASPLOIT HIGH ruby WORKING POC
Canonical Ubuntu Linux - Incorrect Authorization
Local privilege escalation vulnerability in Ubuntu kernels: overlayfs ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels.
CVSS 7.8
CVE-2021-3493 METASPLOIT HIGH ruby WORKING POC
2021 Ubuntu Overlayfs LPE
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
CVSS 8.8
CVE-2024-1212 METASPLOIT CRITICAL ruby WORKING POC
Progress Loadmaster < 7.2.48.10 - OS Command Injection
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
CVSS 10.0
CVE-2021-3156 METASPLOIT HIGH ruby WORKING POC
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS 7.8
CVE-2022-0995 METASPLOIT HIGH ruby WORKING POC
Watch Queue Out of Bounds Write
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
CVSS 7.8
CVE-2021-4034 METASPLOIT HIGH ruby WORKING POC
Local Privilege Escalation in polkit's pkexec
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it will induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
CVSS 7.8
CVE-2022-35914 METASPLOIT CRITICAL ruby WORKING POC
GLPI htmLawed php command injection
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
CVSS 9.8
EIP-2026-117528 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)