Local Privilege Escalation

Title	Vulnerabilities	Programs	Authors
A Practical Guide to PrintNightmare in 2024	Local Privilege Escalation Windows	Undisclosed	Clément Labro (@Itm4n)
Multiple vulnerabilities in Ivanti Connect Secure	Path Traversal RCE Local Privilege Escalation Security Code Review	Ivanti	Jérôme Mampianinazakason
Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)	Local Privilege Escalation Use-After-Free Kernel Hacking	Undisclosed	Nassim Asrir (@P1k4l4)
Android-based PAX POS vulnerabilities (Part 1)	POS Android Local Privilege Escalation Parameter Injection Security Code Review	PAX Technology	Adam Kliś Hubert Jasudowicz (@Hjasudowicz)
CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service	Local Privilege Escalation Windows	Microsoft (VS Code)	Filip Dragovic (@Filip_dragovic)
Privilege escalation using the XAML diagnostics API (CVE-2023-36003)	Local Privilege Escalation DLL Injection	Microsoft (Windows)	Michael Maltsev (@M417z)
Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise	Account Takeover Information Disclosure RCE Unrestricted File Upload Stored XSS Arbitrary File Read Local Privilege Escalation Path Traversal DoS IDOR Hardcoded Credentials	PandoraFMS	Oliver Brooks
Hunting for Android Privilege Escalation with a 32 Line Fuzzer	Android Fuzzing Memory Corruption Local Privilege Escalation	STM Xiaomi	Maksymilian Motyl
Technical Advisory – Multiple Vulnerabilities in Nagios XI	RCE Missing Authentication OS Command Injection Local Privilege Escalation Stored XSS Plaintext Storage of a Password Weak Credentials Privilege Escalation Post-Exploitation	Nagios	Oliver Brooks
Remote code execution and elevation of local privileges in Mitel Unify OpenStage and OpenScape VoIP phones	VoIP RCE Missing Authentication MiTM Local Privilege Escalation	Mitel (Atos Unify)	Pentagrid (@Pentagridsec)
Multiple Vulnerabilities In Extreme Networks ExtremeXOS	Arbitrary File Read Arbitrary File Write SSRF RCE Privilege Escalation Local Privilege Escalation CSRF Security Code Review	Extreme Networks	David Yesland (@Daveysec)
Bypassing a noexec by elf roping	Noexec Bypass Local Privilege Escalation	Undisclosed	Xilokar (@Xilokar)
sqlol (CVE-2023-32422) - a macOS TCC bypass	TCC Bypass Local Privilege Escalation	Apple (MacOS)	Gergely Kalman (@Gergely_kalman)
lateralus (CVE-2023-32407) - a macOS TCC bypass	TCC Bypass Local Privilege Escalation	Apple (MacOS)	Gergely Kalman (@Gergely_kalman)
Turning a boring file move into a privilege escalation on Mac	Local Privilege Escalation MacOS	Parallels	Kn32
CVE-2023–4632: Local Privilege Escalation in Lenovo System Updater	Local Privilege Escalation Arbitrary File Write	Lenovo	Matt Nelson (@Enigma0x3)
Technical Advisory: Vulnerabilities Identified within ListServ	CSRF Samesite Cookie Bypass Reflected XSS Stored XSS Unrestricted File Upload DLL Hijacking Local Privilege Escalation Buffer Overflow Memory Corruption	ListServ	Adam Crosser
root with a single command: sudo logrotate	Local Privilege Escalation	Undisclosed	Joshua Rogers (@MegaManSec)
Getting SYSTEM on Windows in style	RCE Local Privilege Escalation TOCTOU DLL Hijacking	Microsoft (Windows)	Sector 7 (@Sector7_nl)
SSD Advisory – File History Service (FHSVC.DLL) Elevation Of Privilege	Local Privilege Escalation	Microsoft (Windows)	-
Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation	Local Privilege Escalation	IBM	Pz
ScienceLogic Dumpster Fire	Default Credentials Local Privilege Escalation RCE	Undisclosed	B0yd (@Rwincey)
GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads	Local Privilege Escalation	Ubuntu	Sagi Tzadik (@Sagitz_) Shir Tamari (@Shirtamari)
Escalating Privileges via Third-Party Windows Installers	Local Privilege Escalation DLL Hijacking	Atera	Andrew Oliveau (@AndrewOliveau)
Lenovo Update Your Privileges	Local Privilege Escalation DLL Hijacking Windows	Lenovo	Raphael Rosenast

Page 2 of 10