CVE-2026-34234

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

Zoom Rooms for Windows 代码问题漏洞

Zoom Rooms for Windows is a meeting software developed by the American company Zoom. Versions of Zoom Rooms for Windows prior to 7.0.0 contained a code vulnerability. This vulnerability stemmed from an insecure search path within the installer, which could allow authenticated users to gain elevat...

PT-2023-14294 · Arm · Arm Compiler 5 (Ac5) +6

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when the directory containing the installer lacks sufficiently restrictive file permissions, allowing an attacker to modify or replace...

多款Dell产品 安全漏洞

Dell Command Update is a Dell USA Inc. tool for automating driver, BIOS and firmware updates in Dell products. A security vulnerability exists in Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.6.0 and 4.7.1, which originates from the inclusion of an insecure action i...

PT-2022-10199 · Intel · Intel System Studio

Name of the Vulnerable Software and Affected Versions: IntelR System Studio affected versions not specified Description: The issue is related to an uncontrolled search path in the software installer, which may allow an authenticated user to potentially enable escalation of privilege via local...

Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...

CVE-2021-33091

Insecure inherited permissions in the installer for the IntelR NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. shogo kumamaru of LAC Co.,Ltd reported this...

PT-2019-2464 · Intel · Intel Chipset Device

Name of the Vulnerable Software and Affected Versions: IntelR Chipset Device Software INF Update Utility versions prior to 10.1.1.45 Description: The issue is related to improper permissions in the installer, which may allow an authenticated user to escalate privileges via local access. This is d...

CVE-2018-8412: by MS Office for Mac Legacy Package to provide the right-vulnerability warning-the black bar safety net

Note: a patch has been released, please will you MAU upgrade to 18081201 ! Microsoft Autoupdate Helper 3.18180410 + legacy SilverLight insecure installer package EoP Scope of impact: Microsoft Office for Mac 2016 and SkypeForBusiness（16.17.0.65） This report relates to two main defects: 1. Code...

Installer of JTrim may insecurely load Dynamic Link Libraries

Overview Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Installer of "FLET'S Azukeru Backup Tool" may insecurely load Dynamic Link Libraries

Overview "FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to...

PrimeDrive Desktop Application Installer may insecurely load executable files

Overview PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Eili Masami of...