msd0pe

8 exploits Active since Apr 2021
CVE-2023-31714 NOMISEC CRITICAL WORKING POC
Chitor-CMS <1.1.2 - SQL Injection
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
1 stars
CVSS 9.8
CVE-2021-25253 NOMISEC HIGH WORKING POC
Trend Micro Apex One <SP1 - Privilege Escalation
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
1 stars
CVSS 7.8
CVE-2023-31747 NOMISEC HIGH WORKING POC
Wondershare Filmora <12.2.1.2088 - Privilege Escalation
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
CVSS 7.8
CVE-2023-53947 EXPLOITDB HIGH text WORKING POC
OCS Inventory NG <2.3.0.0 - Privilege Escalation
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.
CVSS 8.4
CVE-2023-53946 EXPLOITDB HIGH text WORKING POC
Arcsoft PhotoStudio 6.0.0.172 - Privilege Escalation
Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.
CVSS 8.4
EIP-2026-118156 EXPLOITDB text WORKING POC
Wondershare Filmora 12.2.9.2233 - Unquoted Service Path
EIP-2026-118028 EXPLOITDB text WORKING POC
Trend Micro OfficeScan Client 10.0 - ACL Service LPE
CVE-2023-31714 EXPLOITDB CRITICAL python WORKING POC
Chitor-CMS <1.1.2 - SQL Injection
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
CVSS 9.8