Lucene search
K

208 matches found

NVD
NVD
added 2024/11/06 9:15 p.m.57 views

CVE-2024-51736

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...

9.8CVSS0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/06 8:51 p.m.13 views

CVE-2024-51736 Command execution hijack on Windows with Process class in symfony/process

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...

7.1AI score0.0043EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/11/06 8:51 p.m.9 views

CVE-2024-51736

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...

9.8CVSS5.3AI score0.0043EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.6 views

PT-2024-34873 · Unknown · Symphony Php Framework

Name of the Vulnerable Software and Affected Versions: Symphony PHP framework versions prior to 5.4.46 Symphony PHP framework versions prior to 6.4.14 Symphony PHP framework versions prior to 7.1.7 Description: The Symphony process module in the Symphony PHP framework executes commands in...

8.6CVSS7.2AI score0.0043EPSS
Exploits0References15
CNNVD
CNNVD
added 2024/09/16 12:0 a.m.6 views

Mattermost Desktop App 安全漏洞

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.8.0 and prior versions, which stems from a failure to specify an absolute path when searching for the cmd.exe file. An attacker can exploit the...

7.8CVSS6.6AI score0.00299EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/27 9:28 a.m.15 views

CVE-2023-7270 Local Privilege Escalation via MSI installer

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running a...

6.8AI score0.00322EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/27 9:28 a.m.41 views

CVE-2023-7270 Local Privilege Escalation via MSI installer

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running a...

0.00322EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/04/09 5:28 p.m.28 views

CVE-2024-24576 Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...

10CVSS9.9AI score0.20342EPSS
Exploits10References12
The Hacker News
The Hacker News
added 2024/04/02 11:0 a.m.49 views

China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security...

7.8AI score
Exploits0
NVD
NVD
added 2024/03/06 7:15 p.m.40 views

CVE-2024-27303

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...

7.3CVSS7.1AI score0.00282EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/06 6:35 p.m.50 views

CVE-2024-27303 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...

7.3CVSS7.3AI score0.00282EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 6:35 p.m.36 views

CVE-2024-27303 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...

7.3CVSS7.2AI score0.00282EPSS
Exploits0References5
NVD
NVD
added 2024/01/02 6:15 a.m.20 views

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

7.8CVSS7.9AI score0.00414EPSS
Exploits0References5
OSV
OSV
added 2024/01/02 6:15 a.m.10 views

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

7.8CVSS7.2AI score0.00414EPSS
Exploits0References5
Prion
Prion
added 2024/01/02 6:15 a.m.21 views

Code injection

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

4.3CVSS7.7AI score0.00414EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/01/02 5:30 a.m.117 views

CVE-2023-47039

CVE-2023-47039 describes a local, path-order based binary hijacking vulnerability in Perl for Windows. The Perl launcher searches for cmd.exe and first looks in the current working directory due to path search order. An attacker with limited privileges could place a malicious cmd.exe in locations...

7.8CVSS7.9AI score0.00414EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/12/25 6:15 a.m.9 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

8.8CVSS0.00515EPSS
Exploits0References2
Prion
Prion
added 2023/12/25 6:15 a.m.16 views

Design/Logic Flaw

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

6.5CVSS7.1AI score0.00515EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/25 12:0 a.m.17 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

8.8AI score0.00515EPSS
Exploits0References2
NVD
NVD
added 2023/12/19 11:15 p.m.27 views

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

7.8CVSS0.00483EPSS
Exploits2References3
Rows per page
Query Builder