5046 matches found
WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload
Software: WP Media folder; Type: Plugin; Vulnerable versions: <= 5.7.2; Fixed in: 5.7.3; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-25909; Patch priority: High; CVSS severity: High 9.9; PSID: e05dfe398169; Credits: Dave Jong Patchstack; Required privilege...
WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Settings Change
Software: WP Media folder; Type: Plugin; Vulnerable versions: <= 5.7.2; Fixed in: 5.7.3; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-25907; Patch priority: Low; CVSS severity: Low 5.4; PSID: 67f969090926; Credits: Dave Jong Patchstack; Required...
WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Settings Change
Software: WP Media folder; Type: Plugin; Vulnerable versions: <= 5.7.2; Fixed in: 5.7.3; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-25908; Patch priority: Low; CVSS severity: Low 4.3; PSID: 54ad5de45957; Credits: Dave Jong Patchstack; Required...
DLL Redirection
PanelSW.Custom.WiX is vulnerable to DLL redirection attacks. The vulnerability is due to insufficient security checks in handling of the TEMP folder, allowing attackers to escalate privileges by dropping a malicious DLL into a specific directory structure monitored by the burn engine, which when...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path due to the improper handling of the .be TEMP folder. An attacker can escalate privileges by monitoring the user's TEMP folder for changes and inserting a malicious DLL into the .be/.Local folder immediately when th...
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...
GHSA-259P-RVJX-FFWG Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...
GHSA-7WH2-WXC7-9PH5 WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Summary .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. Details If the bundle is not run as admin, the user's TEMP folder is used and not the system TEMP folder. A utility is able to monitor the user's TEMP folder for changes and drop its o...
PT-2024-40006 · Microsoft · Wix
Name of the Vulnerable Software and Affected Versions: WiX installer framework affected versions not specified Description: The vulnerability allows an attacker to escalate privileges through DLL redirection attacks. When the bundle is not run as admin, the user's TEMP folder is used, and a utili...
PT-2024-40202 · Microsoft · Wix
Name of the Vulnerable Software and Affected Versions: WiX installer framework affected versions not specified Description: The vulnerability allows an attacker to escalate privileges through DLL redirection attacks. When the bundle is not run as admin, the user's TEMP folder is used, and a utili...
CVE-2024-24810
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been...
CVE-2024-24810 WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been...
WiX Toolset Code Issue Vulnerability
WiX Toolset is an open source code library for . A code issue vulnerability exists in WiX Toolset 4 through 4.0.4, versions prior to 3.14.0, which stems from the .be TEMP folder being susceptible to a DLL redirection attack that allows an attacker to elevate privileges...
CVE-2023-28049
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete...
CVE-2023-28049
Dell Command | Monitor (Dell) affected product: Dell Command | Monitor versions prior to 10.9. The vulnerability is an arbitrary folder deletion bug exploitable by a locally authenticated user to perform a privileged arbitrary file delete, with impact on integrity and availability as described in...