CVE-2023-29444 Uncontrolled Search Path Element in PTC's Kepware KEPServerEX

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...

PaperCut NG Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the pc-pdl-to-image...

The vulnerability of the software for adjusting Intel XTU performance lies in the uncontrolled search path element, which allows a hacker to increase their privileges.

The vulnerability of the software for adjusting Intel XTU performance is related to an uncontrollable element in the search process. Exploiting this vulnerability can allow a perpetrator to enhance their privileges...

CVE-2023-41790 Traversal Path on PHP file

Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41790

CVE-2023-41790 is a path traversal vulnerability in Pandora FMS (versions 700–773) that allows access to server configuration files via an uncontrolled search path element, potentially compromising the database. Public descriptions consistently cite traversal through get_file.php as the root caus...

CVE-2023-41787

CVE-2023-41787 is an Uncontrolled Search Path Element vulnerability in Pandora FMS affecting versions 700–772. The issue arises from insecure search-path handling, enabling an attacker to access files containing sensitive information by manipulating configuration/file search paths. Documents cons...

PT-2023-28089 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 772 Description: The issue is related to an Uncontrolled Search Path Element vulnerability, which allows for Leveraging/Manipulating Configuration File Search Paths. This vulnerability enables access to files...

Duet Display Security Vulnerability

Duet Display is a remote desktop application. A security vulnerability exists in Duet Display version 2.5.9.1 that stems from the presence of an uncontrolled search path element vulnerability. An attacker can place an arbitrary libusk.dll file in the C:UsersuserAppDataLocalMicrosoftWindowsApps...

The vulnerability of the software installer for SanDisk SecureAccess drives allows a hacker to execute arbitrary code.

The vulnerability of the software installer for SanDisk SecureAccess drives relates to an uncontrolled search path element. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVE-2023-28388

Uncontrolled search path element in some IntelR Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access...

The vulnerability of the executeable file connect.exe in the distributed version of the Git version control system for Windows allows a hacker to execute arbitrary code.

The vulnerability of the executeable file connect.exe in the distributed version of Git for Windows relates to an uncontrolled element in the search path. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...

CVE-2023-39374

ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element...

CVE-2023-39374

CVE-2023-39374 affects ForeScout NAC SecureConnector 11.2. The issue is described as CWE-427: Uncontrolled Search Path Element, attributed to an uncontrolled search path element in the affected software. According to NVD/NVD-derived metrics, the vulnerability is rated CVSS v3.1 base score 7.8 (HI...

CVE-2023-39374 ForeScout NAC SecureConnector – CWE-427: Uncontrolled Search Path Element

ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element...

PTC Kepware KepServerEX (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Kepware KepServerEX Vulnerabilities : Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...

The vulnerability of the microprogramming software used by the embedded video driver on the Server Board M10JNP2SB BMC Video Driver for Windows and Linux lies in an uncontrolled search path element, allowing a hacker to execute arbitrary code.

The vulnerability of the microprogramming software integrated into the Server Board M10JNP2SB BMC Video Driver for Windows and Linux lies in its uncontrolled search path mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVE-2022-4894

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element...

CVE-2023-34355

Uncontrolled search path element for some IntelR Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access...

PT-2023-22171 · Intel · Intel Psr Sdk

Name of the Vulnerable Software and Affected Versions: IntelR PSR SDK versions prior to 1.0.0.20 Description: The issue is related to an uncontrolled search path element that may allow an authenticated user to potentially enable escalation of privilege via local access. Recommendations: For Intel...

​Siemens Software Center

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...