Lucene search

23 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-28601

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00146
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-28615

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00135
Exploits: 0 | References: 2

Cvelist
added 2024/11/12 8:2 p.m. | 13 views

CVE-2024-49515 Substance3D - Painter | Untrusted Search Path (CWE-426)

Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to poi...

CVSS 7.8 | EPSS 0.00183
Exploits: 0 | References: 1

CVE
added 2024/10/09 2:29 p.m. | 46 views

CVE-2024-47422

Adobe FrameMaker (versions 2020.6, 2022.4 and earlier) is affected by CVE-2024-47422, an Untrusted Search Path vulnerability that could allow arbitrary code execution when a malicious path is found in search directories. The issue is a local vulnerability with user interaction required, and the r...

CVSS 7.8 | AI score 7.8 | EPSS 0.00088
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/03/04 8:42 p.m. | 0 views

GHSA-R4PF-3V7R-HH55 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

Impact Windows-Only: The NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh installer script. NSExec by default searches the current directory of where the installer is located before searching PATH. This means that if an attacker can place a malicious executable file named...

CVSS 7.3 | AI score 5.9 | EPSS 0.00215
Exploits: 0 | References: 5

Packet Storm
added 2020/07/27 12:0 a.m. | 240 views

Microsoft Windows Unsafe Handling Practices

Hi @ll, This multi-part post can be read even without a MIME-compliant program! Back in 2014, I reported a vulnerability in CreateProcess's handling of .cmd and .bat files that Microsoft fixed with MS14-019 alias MSKB 2922229 and assigned CVE-2014-0315: command lines with a batch script as first...

CVSS 6.9 | AI score 0.3 | EPSS 0.22572
Exploits: 4

NVD
added 2020/04/22 7:15 p.m. | 11 views

CVE-2020-7490

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic V1.1 HotFix 15 and prior and Vijeo Designer V6.9 SP9 and prior, which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product...

CVSS 7.8 | AI score 7.9 | EPSS 0.00135
Exploits: 0 | References: 1

Prion
added 2020/04/22 7:15 p.m. | 7 views

Design/Logic Flaw

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic V1.1 HotFix 15 and prior and Vijeo Designer V6.9 SP9 and prior, which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product...

CVSS 6.9 | AI score 7.8 | EPSS 0.00135
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/04/22 6:48 p.m. | 31 views

CVE-2020-7490

Summary (CVE-2020-7490): The vulnerability is a CWE-426 Untrusted Search Path issue in Schneider Electric’s Vijeo Designer software. Affected products/versions include Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior). The underlying issue is that loading a m...

CVSS 7.8 | AI score 7.8 | EPSS 0.00135
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/04/22 6:48 p.m. | 13 views

CVE-2020-7490

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic V1.1 HotFix 15 and prior and Vijeo Designer V6.9 SP9 and prior, which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product...

AI score 7.9 | EPSS 0.00135
Exploits: 0 | References: 1

Prion
added 2020/03/23 8:15 p.m. | 9 views

Design/Logic Flaw

A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit Versions prior to 1.0.1, which could cause execution of malicious code when a malicious file is put in the search path...

CVSS 4.4 | AI score 7.6 | EPSS 0.00146
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/03/23 7:1 p.m. | 40 views

CVE-2020-7476

The CVE-2020-7476 entry affects Schneider Electric ZigBee Installation Kit prior to version 1.0.1, with a CWE-426 Untrusted Search Path issue that could lead to execution of malicious code if an attacker-provided file is placed in the search path. Root cause: untrusted search path. Impact is shell...

CVSS 7.8 | AI score 7.6 | EPSS 0.00146
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/09/17 8:15 p.m. | 13 views

CVE-2019-6826

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product...

CVSS 7.8 | AI score 7.9 | EPSS 0.00432
Exploits: 0 | References: 1

CVE
added 2019/09/17 7:57 p.m. | 104 views

CVE-2019-6826

The CVE-2019-6826 entry concerns a CWE-426 Untrusted Search Path vulnerability in Schneider Electric SoMachine HVAC (v2.4.1 and earlier). The vulnerability arises when a malicious DLL library is loaded by the product, enabling arbitrary code execution on the system. Connected documents consistent...

CVSS 7.8 | AI score 7.8 | EPSS 0.00432
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/09/17 7:57 p.m. | 10 views

CVE-2019-6826

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product...

AI score 7.9 | EPSS 0.00432
Exploits: 0 | References: 1

NVD
added 2019/07/19 4:15 p.m. | 7 views

CVE-2019-1010100

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables ALL executables on the web site. The attack vector is: CAPEC-471, CWE-426, CWE-427...

CVSS 7.8 | AI score 8.1 | EPSS 0.00388
Exploits: 0 | References: 1

OSV
added 2019/07/19 4:15 p.m. | 6 views

CVE-2019-1010100

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables ALL executables on the web site. The attack vector is: CAPEC-471, CWE-426, CWE-427...

CVSS 7.8 | AI score 7.7
Exploits: 0 | References: 1

Prion
added 2019/07/19 4:15 p.m. | 11 views

Privilege escalation

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables ALL executables on the web site. The attack vector is: CAPEC-471, CWE-426, CWE-427...

CVSS 6.8 | AI score 8.1 | EPSS 0.00388
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/07/19 3:37 p.m. | 10 views

CVE-2019-1010100

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables ALL executables on the web site. The attack vector is: CAPEC-471, CWE-426, CWE-427...

AI score 8.1 | EPSS 0.00388
Exploits: 0 | References: 1

CVE
added 2019/07/19 3:37 p.m. | 129 views

CVE-2019-1010100

CVE-2019-1010100 affects Akeo Consulting Rufus 3.0 and earlier. The vulnerability is DLL search order hijacking in executable installers/portable executables on the site. Root cause: DLL search order issue leading to Arbitrary code execution with escalation of privilege. Documented attack referen...

CVSS 7.8 | AI score 8 | EPSS 0.00388
Exploits: 0 | References: 1 | Affected Software: 1