Local Privilege Escalation

Title	Vulnerabilities	Programs	Authors
Poch, Poch, is this thing on? Bypass AMSI with Divide & Conquer	AMSI Bypass Local Privilege Escalation Windows	Microsoft (Windows Defender)	PfiatDe (@Pfiatde)
Executing Arbitrary Code & Executables in Read-Only FileSystems	Kubernetes Container Security Local Privilege Escalation	Undisclosed	Golan Myers
Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)	Local Privilege Escalation	Microsoft (Windows)	Clem (@Clavoillotte) Jonas L (@JonasLyk)
Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage	Local Privilege Escalation	Nullsoft Scriptable Installer System (NSIS)	Richard Warren (@Buffaloverflow)
CVE-2023-33298 - Perimeter81 Local Privilege Escalation	Local Privilege Escalation MacOS Reverse Engineering	Perimeter81	NSEcho (@Lateralusd_)
Multiple vulnerabilities in UCOPIA <= 6.0.7 (CVE-2022-44719 / CVE-2022-44720)	Security Misconfiguration Local Privilege Escalation Internal Pentest	Weblib (Ucopia)	Jean Bonnevie Paul Barbé
Pulling SYSTEM out of Windows GINA	Authentication Bypass Windows Local Privilege Escalation	Zoho (ManageEngine ADSelfService Plus)	Pedro Ribeiro (@Pedrib1337) João Bigotte Ashley King
Netskope Client Service Local Privilege Escalation	Local Privilege Escalation DLL Hijacking Zip Slip Attack	Netskope	Jean-Jamil Khalife
Leveraging Android Permissions: A Solver Approach	Android Local Privilege Escalation	Google (Android)	Jérémy Breton
DLL Hijacking – Finding Vulnerabilities In pestudio 9.52	DLL Hijacking Local Privilege Escalation	Pestudio	Matei Josephs
Hunting for Bitwarden master passwords stored in memory	Information Disclosure Memory Leak Local Privilege Escalation	Bitwarden	Naz Markuta (@NazMarkuta)
KeePass Triggers Are Dead, Long Live KeePass Triggers!	Local Privilege Escalation	KeePass	Julien Bedel (@D3lb3_)
MSSQL linked servers: abusing ADSI for password retrieval	ADSI Active Directory Local Privilege Escalation	Undisclosed	Pablo Martínez (@Xassiz)
CVE-2022-32902: Patch One Issue and Introduce Two	TCC Bypass Local Privilege Escalation	Apple (MacOS)	Mickey Jin (@Patch1t)
VSCode Remote Code Execution advisory	RCE Thick Client Local Privilege Escalation	Microsoft VSCode)	Ammar Askar
DLL Hijacking Strikes Back: Exploiting Windows on ARM RDP Client (CVE-2023-24905)	DLL Hijacking Local Privilege Escalation	Microsoft (Windows)	Dor Dali
LOLBINed — Finding “LOLBINs” In AV Uninstallers	Local Privilege Escalation	Kaspersky F-Secure Trend Micro McAfee	Nasreddine Bencherchali (@Nas_bench)
Avast Anti-Virus privileged arbitrary file create on virus restore (CVE-2023-1586)	TOCTOU Arbitrary File Write Local Privilege Escalation	Avast NortonLifeLock	Denis Skvortcov (@Denis_Skvortcov)
CVE-2023-26818 - Bypass TCC with Telegram in macOS	TCC Bypass Local Privilege Escalation	Apple (MacOS)	Dan Revah (@Danrevah)
Finding and reporting a Gatekeeper bypass exploit with help from Mac Monitor	GateKeeper Bypass Local Privilege Escalation MacOS	Apple (MacOS)	Brandon Dalton (@PartyD0lphin) Csaba Fitzl (@Theevilbit)
Escaping Parallels Desktop with Plist Injection	Local Privilege Escalation Plist Injection TOCTOU	Parallels	Kn32
Bullied by Bugcrowd over Kape CyberGhost disclosure	Local Privilege Escalation OS Command Injection Security Code Review	Kape (CyberGhost)	Ceri Coburn (@_Ethicalchaos_)
CVE-2023-25394 - VideoStream Local Privilege Escalation	Local Privilege Escalation	Videostream	Dan Revah (@Danrevah)
Privilege Escalation in Microsoft Windows	Local Privilege Escalation	Microsoft (Windows)	Tobias Neitzel (@Qtc_de)
Avast Anti-Virus privileged arbitrary file create on virus quarantine (CVE-2023-1585 and CVE-2023-1587)	TOCTOU NULL Pointer Dereference Arbitrary File Write Local Privilege Escalation	Avast	Denis Skvortcov (@Denis_Skvortcov)

Page 3 of 10