
6810 matches found

Positive Technologies
added 2024/07/29 12:0 a.m. · 3 views

PT-2024-38203 · Panda Security · Panda Security Dome

Name of the Vulnerable Software and Affected Versions: Panda Security Dome, affected versions not specified. Description: This issue allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged co...

CVSS 7.8 · AI score 7.3 · EPSS 0.00065
Exploits 0 · References 3
Positive Technologies
added 2024/07/29 12:0 a.m. · 2 views

PT-2024-38202 · Panda Security · Panda Security Dome

Name of the Vulnerable Software and Affected Versions: Panda Security Dome, affected versions not specified. Description: This issue allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged co...

CVSS 7.8 · AI score 7.3 · EPSS 0.00036
Exploits 0 · References 3
OSV
added 2024/07/23 6:15 p.m. · 3 views

CVE-2020-11640

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
NVD
added 2024/07/23 6:15 p.m. · 7 views

CVE-2020-11640

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...

CVSS 8.8 · EPSS 0.0046
Exploits 0 · References 1
CVE
added 2024/07/23 5:36 p.m. · 41 views

CVE-2020-11640

ABB Advant MOD 300 AdvaBuild (versions 3.0–3.7 SP2) is affected by CVE-2020-11640 due to improper privilege management in the command queue. An attacker who gains access to the command queue can trigger execution of arbitrary executables on the AdvaBuild node, not limited to AdvaBuild utilities, ...

CVSS 8.8 · AI score 8.7 · EPSS 0.0046
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/07/23 12:0 a.m. · 2 views

PT-2024-38210 · Comodo · Comodo Internet Security

Name of the Vulnerable Software and Affected Versions: Comodo Internet Security Pro, affected versions not specified. Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the targ...

CVSS 7.8 · AI score 7.3 · EPSS 0.00119
Exploits 0 · References 4
Zero Day Initiative
added 2024/07/23 12:0 a.m. · 9 views

(0Day) Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 · AI score 7.2 · EPSS 0.00119
Exploits 0
Zero Day Initiative
added 2024/07/23 12:0 a.m. · 8 views

(0Day) Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 · AI score 7.2 · EPSS 0.00119
Exploits 0
Github Security Blog
added 2024/07/19 7:59 p.m. · 11 views

Woodpecker's custom workspace allow to overwrite plugin entrypoint executable

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

CVSS 8.8 · AI score 6.8 · EPSS 0.00451
Exploits 0 · References 10 · Affected Software 2
SUSE CVE
added 2024/07/19 2:38 a.m. · 1 views

SUSE CVE-2024-40644

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

CVSS 6.8 · AI score 7.4 · EPSS 0.00028
Exploits 0 · References 3
NVD
added 2024/07/18 5:15 p.m. · 22 views

CVE-2024-40644

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

CVSS 6.8 · EPSS 0.00028
Exploits 0 · References 3
RustSec
added 2024/07/18 12:0 p.m. · 3 views

gix-path can use a fake program files location

Summary: When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details: Windows permits limited user accounts without administrative privileges to create new directories ...

CVSS 7.8 · AI score 8 · EPSS 0.00168
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/07/18 12:0 a.m. · 2 views

PT-2024-28962 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: gitoxide versions 0.10.8. Description: The issue arises from gix-path being tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts to create new...

CVSS 8.6 · AI score 7.1 · EPSS 0.00028
Exploits 0 · References 15
Positive Technologies
added 2024/07/17 12:0 a.m. · 2 views

PT-2024-24055 · Apache · Apache Streampipes

Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions through 0.93.0. Description: The issue is related to an Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. This vulnerability may allow the upload of executable files, potentially...

CVSS 8.8 · AI score 8 · EPSS 0.01796
Exploits 0 · References 11
Vulnrichment
added 2024/07/16 2:36 p.m. · 21 views

CVE-2024-32861 Software House C•CURE - CouchDB executable protection

Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions...

CVSS 7.8 · AI score 7.7 · EPSS 0.00068
Exploits 0 · References 2
NVD
added 2024/07/15 12:15 p.m. · 20 views

CVE-2024-5402

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 58...

CVSS 7.8 · EPSS 0.00082
Exploits 0 · References 1
BDU FSTEC
added 2024/07/15 12:0 a.m. · 1 views

The vulnerability of the Multiline RFC 2231 email server component in Exim, which allows bypassing existing security restrictions by implementing specially crafted executable files.

The vulnerability of the Multiline RFC 2231 email server component relates to deficiencies in the restrictions on loading files of hazardous types. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by introducing specially crafted executable files...

CVSS 6.4 · AI score 6.8 · EPSS 0.6031
Exploits 5 · References 14 · Affected Software 4
SUSE CVE
added 2024/07/13 2:36 a.m. · 2 views

SUSE CVE-2024-39904

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

CVSS 8.8 · AI score 7.6 · EPSS 0.00227
Exploits 0 · References 3
Redos
added 2024/07/13 12:0 a.m. · 21 views

ROS-20240712-01

Vulnerability in Multiline RFC 2231 component of Exim mail server is related to incorrect analysis of the multiline RFC 2231 header file name. Exploitation of the vulnerability could allow an attacker, acting remotely, to deliver executable attachments to end-user mailboxes...

CVSS 5.4 · AI score 6.8 · EPSS 0.6031
Exploits 5
Citrix
added 2024/07/13 12:0 a.m. · 11 views

Purpose of CMSTART command

This article provides information about the command CMSTART. Purpose of CMSTART command Cmstart.exe is a process that runs when you log on to the XenApp server. It is called by winlogon. It is associated with Wfshell.exe, CltMgr.exe, and Icast.exe files. The cmstart is controlled by the following...

AI score 6.8
Exploits 0