52 matches found
PT-2024-35976 · Samsung · Samsung Magician
Name of the Vulnerable Software and Affected Versions: Samsung Magician version 8.1.0 Description: An issue was discovered in the installer of Samsung Magician on Windows, allowing an attacker to create arbitrary folders in the system permission directory via a symbolic link during the installati...
VDA Installer Only Displays Splash Screen then Closes
When installing the workstation VDA, the Installer Splash Screen appears for a second then disappears. Nothing is logged in the installer logs There are no crashes reported in the eventlogs DebugView shows the installer exits with status Code: 1 Using the Citrix VDA Cleanup Utility Tool does not...
PT-2024-24920 · Software House · Software House Ccure 9000
Name of the Vulnerable Software and Affected Versions: Software House C•CURE 9000 affected versions not specified Description: The issue arises when the Software House C•CURE 9000 installer utilizes unnecessarily wide permissions under certain circumstances. Recommendations: At the moment, there ...
Uninstallation of the Citrix License Server Fails with Error 1722
The uninstallation of the Citrix License Server fails and the following error message is displayed: “Product: Citrix Licensing -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or...
"Error 1722 . There is a problem with the Windows Installer package" on Provisioning Services
When removing or Installing the Citrix Provisioning Services PVS Server Console or Citrix Provisioning Services PVS target Device X64 from Add/Remove Programs or Provisioning services ISO, the following error message appears: “Error 1722. There is a problem with the Windows Installer package.A...
Zoom Client Code Issue Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability previously existed in Zoom Desktop Client for Windows version 5.14.5, which stemmed from an untrusted search path issue in the installer...
Privilege escalation
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...
CVE-2022-37173
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe...
CVE-2022-37173
The CVE-2022-37173 entry describes a vulnerability in the gvim 9.0.0000 installer that allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. Affected component: the installer. Root cause: binary hijacking during installation. Impact: remote arbi...
CVE-2021-28594
Adobe Creative Cloud Desktop Application installer version 2.4 and earlier is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this...
JVN#80288258: The installers of multiple Sony products may insecurely load Dynamic Link Libraries
The installers of multiple Sony products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer by following the...
CVE-2019-10128
A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a...
CVE-2020-12330
Improper permissions in the installer for the IntelR Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-7382
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40...
UBUNTU-CVE-2020-6417
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry...
The installer of PlayMemories Home for Windows may insecurely load Dynamic Link Libraries
Overview PlayMemories Home for Windows provided by Sony Corporation is Image Management Software. The installer of PlayMemories Home for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications...
MGASA-2017-0482 Updated ruby-RubyGems packages fix security vulnerabilities
An ANSI escape sequence vulnerability CVE-2017-0899. A DoS vulnerability in the query command CVE-2017-0900. A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files CVE-2017-0901. A DNS request hijacking vulnerability CVE-2017-0902. An unsafe object...
JVN#94056834: Installer of HIBUN Confidential File Viewer may insecurely load Dynamic Link Libraries and invoke executable files
Installer of HIBUN Confidential File Viewer provided by Hitachi Solutions, Ltd. contains an issue with the search path for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact Arbitrary code may be executed with the...
JVN#36303528: Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries
The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be...
Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries
Overview Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability ...