3 matches found
CVE-2026-34458 Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...
EUVD-2018-9985
Malware in sbrugna...
CVE-2018-18249
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=$PATH$APACHERUNDIR$APACHERUNUSER parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet...