writeups.xyz / Privilege Escalation

Title
Improper Privilege Management in Grails Spring Security Core <= 5.1.0 (CVE-2022-41923)
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
LogicalDOC Vulnerability Disclosure
CVE-2023-0759 / Privilege Escalation in the Cockpit CMS
Azure security — Internal recon leveraging lack of access control
Host Header Injection to Complete Organization takeover
WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS
API Misconfiguration - No Swag of SwaggerUI
ACSESSED: Cross-tenant network bypass in Azure Cognitive Search
Passwordless Persistence and Privilege Escalation in Azure
Privilege escalation leads to deleting other user’s account and company Workspace [Access Control]
AWS ECR Public Vulnerability
Privilege Escalation to remove the owner from the organization
From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225)
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access
Broken access control + misconfiguration = Beautiful privilege escalation
From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942)
A Confused Deputy Vulnerability in AWS AppSync
MEGA’s Unlimited Cloud Storage Vulnerability
SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege
Invitation Hijacking
Atlassian Jira Align, Version 10.107.4 Advisory
Finding Multiple Security Issues on Agorapulse
Sail away, sail away, sail away
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!