15 matches found
CVE-2025-64994
A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate...
EUVD-2000-0551
Malware in sbrugna...
CVE-2017-12653
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory...
CVE-2022-24826
On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious...
FlashGet Buffer Overflow Vulnerability
FlashGet is a free download manager from the Chinese company FlashGet. Used to create interactive customized graphs, display trends, alerts and schedules. A buffer overflow vulnerability exists in FlashGet v1.9.6, which is caused by a buffer overflow in the software's "current path directory"...
CVE-2020-28967
FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers...
FlashGet 缓冲区错误漏洞
FlashGet is a free download manager from the Chinese company FlashGet. Used to create interactive customized graphs, display trends, alerts and schedules. A buffer overflow vulnerability exists in FlashGet v1.9.6, which is caused by a buffer overflow in the software's "current path directory"...
GlassWire: Uncontrolled Search Path Element allows DLL hijacking for priv esc to SYSTEM
GlassWire contains a DLL hijacking vulnerability that could allow an authenticated attacker to execute arbitrary code on the targeted system. The vulnerability exists due to GlassWire loading DLL files from the PATH environment variable without verification. The machine should have at least one...
HackerOne: ImageMagick GIF coder vulnerability leading to memory disclosure
Hello Hackerone Security Team, Well,we are aware of Imagemagick Gif parsor method to collect the pixels and then we can recover it to gain server information. https://github.com/neex/gifoeb However,it has no impact on hackerone since it's immune to gif files uploading functionality. So, ,gif...
FreeBSD : arj -- multiple vulnerabilities (b95e5674-b4d6-11e7-b895-0cc47a494882)
Several vulnerabilities: symlink directory traversal, absolute path directory traversal and buffer overflow were discovered in the arj archiver. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML databa...
libXfont: integer overflow of allocations in font metadata file parsing
A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server...
HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service
HOTBOX router/modem version 2.1.11 suffers from cross site request forgery, denial of service, script injection, and directory traversal vulnerabilities. Denial of service and cross site request forgery proof of concepts included...
HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service
+------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. |...
Critical Path InJoin Directory Server 4.0 - Cross-Site Scripting
Critical Path InJoin Directory Server 4.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4717/info Critical Path provides an LDAP Lightweight Directory Access Protocol Directory Server called InJoin. InJoin Directory is provided for Microsoft Windows operating systems and Unix...
Critical Path directory products contain multiple vulnerabilities in LDAP handling code
Overview Multiple Critical Path directory products contain vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses th...