15 matches found
SUSE CVE-2025-49124
Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through...
Untrusted Search Path
Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Untrusted Search Path via the icacls.exe call during Windows installation, when a full path is not specified. An attacker can execut...
Apache Tomcat installer for Windows has an untrusted search path vulnerability
Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through...
Untrusted Search Path
Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Untrusted Search Path via the icacls.exe call during Windows installation, when a full path i...
Untrusted Search Path
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Untrusted Search Path via the icacls.exe call during Windows installation, when a full path is not specified. An attacker can execute arbitrary code with elevate...
UBUNTU-CVE-2025-49124
Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through...
Apache Tomcat 安全漏洞
Apache Tomcat is a lightweight Web application server from the American Apache Apache Foundation. It is used to implement support for Servlets and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat that stems from the installer not specifying the full path when using icacls.exe...
WinAVR Version 20100110 - Insecure Folder Permissions Vulnerability
Exploit Title: WinAVR Version 20100110 - Insecure Folder Permissions Exploit Author: Mohammed Alshehri Vendor Homepage: https://sourceforge.net/projects/winavr/ Software Link: https://sourceforge.net/projects/winavr/files/WinAVR/20100110/WinAVR-20100110-install.exe Version: Version 20100110 Teste...
Seqrite End Point Security 7.4 Privilege Escalation
Exploit Title : Seqrite End Point Security v7.4 - Weak Folder Permissions Privilege Escalation Date : 09/13/2018 Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.seqrite.com/ Tested on : Windows 7 Enterprise SP1 x64 Description: ============ Seqrite End Point Security...
EE 4GEE Mini Local Privilege Escalation
Title: EE 4GEE Mini Local Privilege Escalation Vulnerability Date: 22-09-2018 Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...
Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation
Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO Summary: Serviio is a free media server. It allows you to stream your media files music, video or images to renderer...
Operation Technology ETAP 14.1.0 - Local Privilege Escalation
Operation Technology ETAP 14.1.0 - Local Privilege Escalation Operation Technology ETAP 14.1.0 Local Privilege Escalation Vendor: Operation Technology, Inc. Product web page: http://www.etap.com Affected version: 14.1.0.0 Summary: Enterprise Software Solution for Electrical Power Systems. ETAP is...
MicEnum - Mandatory Integrity Control Enumerator for Windows
In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control MIC is a core security feature introduced in Windows Vista and implemented in subsequent lines of Windows operating systems. It adds Integrity LevelsIL-based isolation to running processes and objects...
Telefonica O2 Connection Manager 8.7 Service Trusted Path Privilege Escalation
Telefonica O2 Connection Manager 8.7 Service Trusted Path Privilege Escalation Vendor: Telefonica S.A. Product web page: http://www.telefonica.com | http://www.o2.co.uk Affected version: 8.7.6.792 Summary: O2 Connection Manager will help you to manage your internet connections by getting you...
Microsoft Office WPG图形文件处理堆溢出漏洞(MS08-044)
BUGTRAQ ID: 30598 CVECAN ID: CVE-2008-3021 Microsoft Office是非常流行的办公软件套件。 Office的WPGIMP32.FLT模块没有正确地处理office文档中的PICT图形,如果PICT图形文件中包含有超长的bitsperpixel字段的话,则打开该文件就可能触发堆溢出,导致执行任意代码。 Microsoft Office XP SP3 Microsoft Office Converter Pack Microsoft Office 2003 Service Pack 2 Microsoft Office 2000 SP3...