Design/Logic Flaw

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability...

CVE-2020-27228

OpenClinic GA 5.173.3 is affected by an installation-time privilege-escalation vulnerability (CVE-2020-27228). The underlying issue is an incorrect default permissions setup that permits modification of the OpenClinic MySQL service binary (example path: c:\projects\openclinic\mysql5\bin\mysqld.ex...

Advantech WebAccess/SCADA 路径遍历漏洞

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local file inclusion vulnerability...

Cisco Prime Collaboration Provisioning Trust Management Vulnerability

Cisco Prime Collaboration Provisioning PCP is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. A trust management vulnerability exists in t...

b2evolution CMS 6.8.10 PHP Code Execution

b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install functionality CVE: CVE-2017-1000423 Credit: Anti RA$?is...

Design/Logic Flaw

DISPUTED Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH...

Design/Logic Flaw

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, a...

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...

CVE-2012-5377

CVE-2012-5377 is an untrusted search path vulnerability in ActivePerl 5.16.1.1601 when installed in the top-level C:\ directory. The installation places a Trojan horse DLL in C:\Perl\Site\bin, which is added to PATH and can be used by a local attacker to gain privileges via a missing DLL (wlbsctr...