14 matches found
CVE-2019-16784
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a privileged user (at least more privileged than the current one) whose "TempPath" resolves to a world...
CVE-2019-16784
creationtimestamp | type | source
---|---|---
2023-12-28 05:38:02+00:00 | seen | https://t.me/arpsyndicate/2198...
CVE-2020-16784
...
CVE-2020-16784
CVE-2020-16784 entry is rejected/not used as stated in the description.
Exploit for Execution with Unnecessary Privileges in Pyinstaller
PyInstallerPriv...
cork (>=0.1.0 <=0.2.0), dvc (>=0.8.2 <=0.8.6) +12 more potentially affected by CVE-2019-16784 via pyinstaller (>=3.0.0 <=3.5.0)
pyinstaller PYPI version =3.0.0, =0.1.0, =0.8.2, =1.0.0.dev0, =2019.6.5, =0.1.22, =0.9.94, =0.0.1, =0.4.0, =0.1.0, =1.0.1, =0.2.0, =0.7.1 Source cves: CVE-2019-16784 Source advisory: OSV:GHSA-7FCJ-PQ9J-WH2R...
cork (>=0.1.0 <=0.2.0), dvc (>=0.8.2 <=0.8.6) +12 more potentially affected by CVE-2019-16784 via pyinstaller (>=3.0.0 <=3.5.0)
pyinstaller PYPI version =3.0.0, =0.1.0, =0.8.2, =1.0.0.dev0, =2019.6.5, =0.1.22, =0.9.94, =0.0.1, =0.4.0, =0.1.0, =1.0.1, =0.2.0, =0.7.1 Source cves: CVE-2019-16784 Source advisory: OSV:PYSEC-2020-175...
CVE-2019-16784 Local Privilege Escalation present only on the Windows version of PyInstaller
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: if software using PyInstaller in "onefile" mode is launched by a privileged user (at least more privileged than the current one) whose "TempPath" resolves to a world...
CVE-2019-16784
CVE-2019-16784 : On Windows, PyInstaller in "onefile" mode is vulnerable to local privilege escalation prior to version 3.6 when a privileged process launches it with a World-writable TempPath (e.g., C:\Windows\Temp) and the attacker can trigger a restart after their exploit. The issue affects so...
CVE-2018-16784
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring...
CVE-2018-16784
CVE-2018-16784 concerns DedeCMS 5.7 SP2, where an XML injection allows remote code execution via a crafted substring "<file type='file' name='../". The connected documents provide the vulnerability description and NVD metrics, indicating network access with low complexity and partial to high i...
CMS Made Simple 2.1.6 Cross Site Scripting / Template Injection Vulnerabilities
Exploit for php platform in category web applications
Affected Software: CMS Made Simple
Affected Versions: Tested on 2.1.6
Vendor Homepage: http://www.cmsmadesimple.org/
Vulnerability Type: Server-Side Template Injection
Severity: Important
Status: Fixed
CVE-ID: CVE-2017-16783
CVSS Base...
CVE-2017-16784
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter...
CVE-2017-16784
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter...