CWE-250
AllowedExecution with Unnecessary Privileges
Abstraction: Base · Status: Draft
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
573 vulnerabilities reference this CWE, most recent first.
GHSA-98V3-6PHW-46HC
Vulnerability from github – Published: 2024-03-09 06:30 – Updated: 2024-08-26 18:33An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.
{
"affected": [],
"aliases": [
"CVE-2023-50015"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-09T05:15:08Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.",
"id": "GHSA-98v3-6phw-46hc",
"modified": "2024-08-26T18:33:32Z",
"published": "2024-03-09T06:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50015"
},
{
"type": "WEB",
"url": "https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-998Q-4G4X-CWCJ
Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2025-10-21 21:33A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2025-61958"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T14:15:57Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh\u00a0restrictions and gain access to a bash shell.\u00a0 For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-998q-4g4x-cwcj",
"modified": "2025-10-21T21:33:30Z",
"published": "2025-10-15T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61958"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000154647"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9CJ6-MQJ9-659V
Vulnerability from github – Published: 2024-11-18 18:30 – Updated: 2024-11-18 18:30A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-26074"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-18T16:15:06Z",
"severity": "HIGH"
},
"details": "A vulnerability in system file transfer functions of Cisco\u0026nbsp;SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.\nThe vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",
"id": "GHSA-9cj6-mqj9-659v",
"modified": "2024-11-18T18:30:55Z",
"published": "2024-11-18T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26074"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9F82-PR9C-9F3X
Vulnerability from github – Published: 2025-04-10 21:31 – Updated: 2025-04-10 21:31An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.
{
"affected": [],
"aliases": [
"CVE-2025-23008"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-10T19:16:00Z",
"severity": "HIGH"
},
"details": "An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.",
"id": "GHSA-9f82-pr9c-9f3x",
"modified": "2025-04-10T21:31:09Z",
"published": "2025-04-10T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23008"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GQ5-MWJF-5WF3
Vulnerability from github – Published: 2024-08-13 09:30 – Updated: 2024-08-13 09:30A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as NT AUTHORITY\SYSTEM. This could allow a local attacker to execute operating system commands with elevated privileges.
{
"affected": [],
"aliases": [
"CVE-2024-36398"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T08:15:10Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SINEC NMS (All versions \u003c V3.0). The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.",
"id": "GHSA-9gq5-mwjf-5wf3",
"modified": "2024-08-13T09:30:52Z",
"published": "2024-08-13T09:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36398"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9VMX-QV98-7735
Vulnerability from github – Published: 2024-06-14 03:31 – Updated: 2024-07-04 06:35Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27143"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T03:15:10Z",
"severity": "CRITICAL"
},
"details": "Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone.\u00a0So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability.\u00a0For detail on related other vulnerabilities, please ask to the below contact point.\n https://www.toshibatec.com/contacts/products/ \nAs for the affected products/models/versions, see the reference URL.",
"id": "GHSA-9vmx-qv98-7735",
"modified": "2024-07-04T06:35:01Z",
"published": "2024-06-14T03:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27143"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9X9C-RV2F-M4V9
Vulnerability from github – Published: 2025-09-02 15:31 – Updated: 2025-09-02 15:31In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.
{
"affected": [],
"aliases": [
"CVE-2022-38694"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-01T08:15:32Z",
"severity": "HIGH"
},
"details": "In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.",
"id": "GHSA-9x9c-rv2f-m4v9",
"modified": "2025-09-02T15:31:07Z",
"published": "2025-09-02T15:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38694"
},
{
"type": "WEB",
"url": "https://www.nccgroup.com/research-blog/there-s-another-hole-in-your-soc-unisoc-rom-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C23G-CGV4-P67J
Vulnerability from github – Published: 2026-06-09 12:32 – Updated: 2026-06-09 12:32A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2026-46748"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T10:16:44Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.",
"id": "GHSA-c23g-cgv4-p67j",
"modified": "2026-06-09T12:32:04Z",
"published": "2026-06-09T12:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46748"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C336-7962-WFJ2
Vulnerability from github – Published: 2026-01-16 16:58 – Updated: 2026-06-09 10:34Impact
When Jupyter Lab, jupyter-server-proxy and Dask distributed are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard.
It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel.
In order for a user to be impacted they must be running Jupyter Lab locally on the default port (with the jupyter-server-proxy) and a Dask distributed cluster on the default port. Then they would need to click the link which would execute the malicious code.
Patches
This has been fixed in the 2026.1.0 release. All users should upgrade to this version.
Mitigations
There are no known workarounds for this bug. The only complete solution is to upgrade to a newer release of Dask. However, there are a few things you could do to reduce your risk.
It is possible to avoid code execution via Jupyter by uninstalling the jupyter-server-proxy and accessing the Dask dashboard directly at it's URL. However, it is still possible for an attacker to craft a URL that executes JavaScript in the user's browser in the Dask dashboard. Which is still a moderate vulnerability. Therefore we recommend all users upgrade to the latest Dask release.
Another potential mitigation is to ensure both Jupyter and the Dask dashboard are running on non-standard ports. While this doesn't resolve the problem it reduces the chance of this being exploited. If an attacker knew which ports you were using they could still craft a malicious URL, but it would require a more targeted attack.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "distributed"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23528"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-16T16:58:16Z",
"nvd_published_at": "2026-01-16T17:15:54Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen [Jupyter Lab](https://jupyterlab.readthedocs.io/en/latest/), [jupyter-server-proxy](https://github.com/jupyterhub/jupyter-server-proxy) and [Dask distributed](https://github.com/dask/distributed) are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard.\n\nIt is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel.\n\nIn order for a user to be impacted they must be running Jupyter Lab locally on the default port (with the [jupyter-server-proxy](https://github.com/jupyterhub/jupyter-server-proxy)) and a Dask distributed cluster on the default port. Then they would need to click the link which would execute the malicious code.\n\n### Patches\nThis has been fixed in the `2026.1.0` release. All users should upgrade to this version.\n\n### Mitigations\nThere are no known workarounds for this bug. The only complete solution is to upgrade to a newer release of Dask. However, there are a few things you could do to reduce your risk.\n\nIt is possible to avoid code execution via Jupyter by uninstalling the [jupyter-server-proxy](https://github.com/jupyterhub/jupyter-server-proxy) and accessing the Dask dashboard directly at it\u0027s URL. However, it is still possible for an attacker to craft a URL that executes JavaScript in the user\u0027s browser in the Dask dashboard. Which is still a moderate vulnerability. Therefore we recommend all users upgrade to the latest Dask release.\n\nAnother potential mitigation is to ensure both Jupyter and the Dask dashboard are running on non-standard ports. While this doesn\u0027t resolve the problem it reduces the chance of this being exploited. If an attacker knew which ports you were using they could still craft a malicious URL, but it would require a more targeted attack.",
"id": "GHSA-c336-7962-wfj2",
"modified": "2026-06-09T10:34:51Z",
"published": "2026-01-16T16:58:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dask/distributed/security/advisories/GHSA-c336-7962-wfj2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23528"
},
{
"type": "WEB",
"url": "https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa"
},
{
"type": "PACKAGE",
"url": "https://github.com/dask/distributed"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2026-169.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard"
}
GHSA-C3HF-4F7R-M69M
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32Possible improper input validation Vulnerability
in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
{
"affected": [],
"aliases": [
"CVE-2021-38118"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T16:15:18Z",
"severity": "MODERATE"
},
"details": "Possible improper input validation Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000.",
"id": "GHSA-c3hf-4f7r-m69m",
"modified": "2024-11-22T21:32:14Z",
"published": "2024-11-22T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38118"
},
{
"type": "WEB",
"url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-18
Strategy: Separation of Privilege
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation MIT-18
Strategy: Attack Surface Reduction
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation
Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
Mitigation MIT-19
When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
Mitigation
If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place.
Mitigation MIT-37
Strategy: Environment Hardening
Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
CAPEC-104: Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
CAPEC-470: Expanding Control over the Operating System from the Database
An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
CAPEC-69: Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.