CVE-2020-3979

InstallBuilder for Qt Windows versions prior to 20.7.0 installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which coul...

CVE-2020-3979

InstallBuilder for Qt Windows versions prior to 20.7.0 installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which coul...

Remote code execution

InstallBuilder for Qt Windows versions prior to 20.7.0 installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which coul...

CVE-2020-3979

InstallBuilder for Qt Windows versions prior to 20.7.0 installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which coul...

CVE-2020-3979

InstallBuilder for Qt Windows prior to 20.7.0 is vulnerable: installers load plugins from a predictable location writable by non-admin users, enabling potential library planting and code execution with the installer's security scope. A fix is available in version 20.7.0; apply the update to mitig...

VMware InstallBuilder Resource Management Error Vulnerability

VMware InstallBuilder is a multi-platform installer development and automatic update tool from VMware. A security vulnerability exists in VMware InstallBuilder versions prior to 19.11. An attacker could exploit this vulnerability to cause a denial of service...

CVE-2020-3946

InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack denial-of-service...

CVE-2020-3946

InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack denial-of-service...

Design/Logic Flaw

InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack denial-of-service...

CVE-2020-3946

CVE-2020-3946 affects VMware InstallBuilder (AutoUpdate tool and regular installers) where builds using prior to version 19.11 are vulnerable to a Billion Laughs denial-of-service. Multiple sources in connected documents confirm the affected component and the pre-19.11 versions as vulnerable, wi...

CVE-2020-3946

InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack denial-of-service...

BitRock InstallBuilder Input Validation Error Vulnerability

BitRock InstallBuilder is a cross-platform installer creation tool from the U.S. company BitRock. The product supports multiple languages such as Java, PHP, Perl and Python. An input validation error vulnerability exists in BitRock InstallBuilder. An attacker can exploit this vulnerability to...

CVE-2019-5530

Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature...

CVE-2019-5530

Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature...

Design/Logic Flaw

Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature...

CVE-2019-5530

Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature...

CVE-2019-5530

Vulnerability for Windows binaries created with BitRock InstallBuilder versions prior to 19.7.0: installers can be tampered even if Authenticode-signed. Root cause is tampering risk in the installer generation process. Impact is integrity and authenticity of the installer; organizations should up...

XAMPP 7.1.1-0-VC14 DLL Hijacking

Hi @ll, xampp-win32-7.1.1-0-VC14-installer.exe, available from , is vulnerable, dangerous and defective. ALL other executable installers built with BitRock InstallBuilder which of course includes BitRocks InstallBuilder itself are vulnerable and defective too. 0. DANGEROUS 0.a It instructs its...

Code injection

A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.11 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrockinstaller.log temporary file. NOTE: it is...

CVE-2006-2221

A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.11 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrockinstaller.log temporary file. NOTE: it is...