CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...

CVE-2021-3115

A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have "." listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and...

ezEmu - Simple Execution Of Commands For Defensive Tuning/Research

ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers ", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry. Windows See /Linux for ELF ezEmu is compiled as...

PT-2020-13860 · Codiad · Codiad

Name of the Vulnerable Software and Affected Versions: Codiad versions 1.7.8 and later Description: A Cross Site Scripting XSS issue was found due to improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. The vendor states that Codiad is no long...

PT-2020-12538 · Facebook · Osquery

Name of the Vulnerable Software and Affected Versions: osquery versions prior to 4.4.0 Description: The issue allows for a privilege escalation. If a Windows system has a PATH containing a user-writable directory, a local user can create a zlib1.dll DLL that osquery will attempt to load, enabling...

CVE-2020-7458

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posixspawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution...

The vulnerability of the LD_LIBRARY_PATH environment variable in Apache OpenOffice’s office programs allows a hacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity.

The vulnerability of the LDLIBRARYPATH environment variable in Apache OpenOffice applications is related to a lack of mechanisms for privilege control and access management. Exploiting this vulnerability can allow attackers to gain unauthorized access to confidential data, cause service failures,...

Linux: Strictly define variable user PATH variable

The requirement aims to prevent system commands from being replaced by malicious commands, ensuring that system commands can be executed securely. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

CVE-2019-20406

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code &...

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable...

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable...

DEBIAN-CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable...

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable...

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable...

CVE-2012-2248

CVE-2012-2248 affects dhclient 4.3.1-6 due to an embedded path variable, described across multiple sources as a path traversal issue. The available connected documents consistently identify the problem as a vulnerability in the dhclient component, but do not provide concrete exploitation steps, a...

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable...

CVE-2018-16156

In PaperStream IP TWAIN 1.42.0.5685 Service Update 7, the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkicFjicube32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes...

CVE-2017-7642

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...

CVE-2017-7642

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...

Design/Logic Flaw

In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to...