4 matches found
GHSA-FMF5-J5J9-99PP OS Command Injection in pulverizr
pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
Process Hacker DLL Hijacking
Hi Wen Jia, You probably heart about the Java issue which affected their installer. http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html However this issue also affects multiple other installers as a security researcher has shown...
Windows Mail privilege escalation
Insufficient path on executable call...
vbox3 privilege escalation
Elevated privileges are not dropped on external executable call...