CVE-2012-5383

Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system...

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...

Design/Logic Flaw

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, a...

Design/Logic Flaw

Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrate...

Design/Logic Flaw

DISPUTED Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the...

Design/Logic Flaw

DISPUTED Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Zend\ZendServer\share\ZendFramework\bin directory, which may be added...

CVE-2012-5379

Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH syste...

CVE-2012-5383

Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system...

CVE-2012-5382

CVE-2012-5382 describes an untrusted search path vulnerability in Zend Server 5.6.0 SP4 when installed in the top-level C:\ directory. A Trojan horse DLL placed in C:\Zend\ZendServer\share\ZendFramework\bin could be added to PATH by an administrator, enabling local privilege escalation via wlbsct...

CVE-2012-5378

Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrate...

CVE-2012-5383

CVE-2012-5383 describes an untrusted search path vulnerability in Oracle MySQL 5.5.28 when installed in the top-level C:\ directory. A Trojan horse DLL (wlbsctrl.dll) in C:\MySQL\MySQL Server 5.5\bin could be added to the PATH by an administrator and loaded by the IKE and AuthIP IPsec Keying Modu...

CVE-2012-5380

CVE-2012-5380 is an Untrusted search path vulnerability affecting Ruby 1.9.3-p194 installed in the top-level C:. The installation can lead to privilege escalation via a Trojan horse DLL (wlbsctrl.dll) placed in C:\Ruby193\bin that could be added to PATH and loaded by the IKE and AuthIP IPsec Keyi...

CVE-2012-5377

CVE-2012-5377 is an untrusted search path vulnerability in ActivePerl 5.16.1.1601 when installed in the top-level C:\ directory. The installation places a Trojan horse DLL in C:\Perl\Site\bin, which is added to PATH and can be used by a local attacker to gain privileges via a missing DLL (wlbsctr...

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...

CVE-2012-5379

CVE-2012-5379 affects ActivePython 3.2.2.3 installed in the top-level C:\ directory, where an untrusted search path can allow a Trojan horse DLL (wlbsctrl.dll) in C:\Python27 or C:\Python27\Scripts to be found via the PATH, enabling local privilege escalation through the IKE and AuthIP IPsec Keyi...

PT-2012-5963 · Microsoft +1 · Windows 8 +4

Name of the Vulnerable Software and Affected Versions: PHP version 5.3.17 Description: The issue is related to an untrusted search path vulnerability in the installation functionality of PHP. This vulnerability might allow local users to gain privileges via a Trojan horse DLL in the C:PHP...

CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

DEBIAN-CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

Code injection

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...