27 matches found
CVE-2021-47847
CVE-2021-47847 affects Disk Sorter Server 13.6.12. It contains an unquoted service path vulnerability in the binary path configuration of disksrs.exe located at C:\Program Files\Disk Sorter Server\bin\disksrs.exe, enabling local attackers to inject malicious executables and escalate privileges. T...
CVE-2020-36930
SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables...
CVE-2023-53981
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...
EUVD-2019-8651
Malware in sbrugna...
EUVD-2024-38242
Malicious code in bioql PyPI...
EUVD-2025-30278
Malicious code in bioql PyPI...
CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
GHSA-W5FX-FH39-J5RW Codex has sandbox bypass due to bug in path configuration logic
Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and comman...
SUSE SLES15 Security Update : go1.24-openssl (SUSE-SU-2025:02837-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02837-1 advisory. Updated to go1.24.6 released 2025-08-06 bsc1236217: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS...
CVE-2022-29457
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps...
CVE-2021-25392
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path...
Configure the Banner Path Correctly
The banner path points to a file which contains the prompt information displayed on the client before a user logs in to the SSH. The content in the file can be configured based on the actual service scenario. If the banner path is not set, no information is displayed by default...
Arbitrary Code Execution
github.com/github/git-sizer is vulnerable to Arbitrary Code Execution. The vulnerability is due to the misconfiguration of the system's PATH environment variable, which can allow malicious executables to be inadvertently run when commands are executed if the current directory is placed before the...
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
GHSA-HM92-VGMW-QFMX chromedriver Command Injection vulnerability
Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. Note: An attacker must have access to the system...
How to configure URL Transformation to transform part of URL Path
When accessinghttp://example.com/url1/xxxx, Netscalercan transform /url1/ to /url2/ and preserve other parts, then forward to backend server...
CVE-2022-34813
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
CVE-2022-29457
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps...
Design/Logic Flaw
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps...
CVE-2022-29457
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps...