In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users.
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrar...
NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.
A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and c...
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.