CVE-2026-40342

Summary: Firebird prior to versions 5.0.4, 4.0.7, and 3.0.14 is vulnerable to a path-traversal in the external engine plugin loader. An authenticated user with CREATE FUNCTION privileges can supply an ENGINE name that is concatenated into a filesystem path without filtering path separators or .. ...

(Pwn2Own) Schneider Electric EcoStructure Operator Terminal Expert VXDZ Arbitrary Library Load Remote Code Execution Vulnerability

The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStructure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...

CVE-2020-12050

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library...

IBM AIX Pioout任意库加载命令执行漏洞

BUGTRAQ ID: 25084 CVECAN ID: CVE-2007-4003 IBM AIX是一款商业性质的UNIX操作系统。 AIX操作系统所随捆绑的pioout程序处理命令行参数时存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 pioout程序没有丢弃权限便加载了攻击者所提供的任意共享库，如果使用了-R命令行参数攻击者就可以指定用于解析打印机数据的共享库。pioout程序拥有root setuid，任何本地用户都可以执行，因此本地攻击者可以通过创建一个执行shell的共享库导致以root用户权限执行任意命令。 IBM AIX 5.3 IBM AIX 5.2 临时解决方法：...