CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

Remote Code Execution(RCE)

libxpm is vulnerable to Remote Code ExecutionRCE. When processing .Z or .gz file extensions, the library calls external programs to compress and uncompress files. This could allow a malicious user to execute other programs by manipulating the PATH environment variable...

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : libXpm vulnerabilities (USN-5807-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5807-1 advisory. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening...

CVE-2021-45492

In Sage 300 ERP formerly accpac through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set explicit permissions...

Security advisory: QProcess

Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal. Specifically, the...

seatd-launch -- privilege escalation with SUID

Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUI...

CVE-2020-15264

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looki...

CVE-2020-15264

The CVE-2020-15264 issue affects the Boxstarter installer prior to version 2.13.0, which places C:\ProgramData\Boxstarter on the system PATH. The directory is writable by non-privileged users, enabling DLL loading by a privileged service through a DLL such as WptsExtensions.dll. When Windows star...

Acronis: DLL Hijacking when sending feedback and crash report leading to Privilege Escalation

Vulnerability description not provided...

GlassWire: Uncontrolled Search Path Element allows DLL hijacking for priv esc to SYSTEM

GlassWire contains a DLL hijacking vulnerability that could allow an authenticated attacker to execute arbitrary code on the targeted system. The vulnerability exists due to GlassWire loading DLL files from the PATH environment variable without verification. The machine should have at least one...

FreeBSD : FreeBSD -- posix_spawnp(3) buffer overflow (f8b46415-c264-11ea-8659-901b0ef719ab)

posixspawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH environment variable...

FreeBSD -- posix_spawnp(3) buffer overflow

Problem Description: posixspawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH...

CVE-2019-18670

In the Quick Access Service QAAdminAgent.exe in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability...

Micro Focus (HPE) Data Protector SUID Privilege Escalation Exploit

This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus HPE Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attack...

CVE-2019-4447

CVE-2019-4447 affects IBM DB2 High Performance Unload on LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2. The db2hpum_debug binary is setuid root and trusts PATH; a low-privilege user can hijack PATH to execute arbitrary commands as root, with a crash potentially tri...

Design/Logic Flaw

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher binary is setuid root. This program is called during the connection process and executes...

CVE-2019-12576

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher binary is setuid root. This program is called during the connection process and executes...

The vulnerability of the executable file Acrunnt.exe of the information security protection tool Akord-Win64 allows a intruder to execute arbitrary code.

The vulnerability of the Acrunnt.exe executable of the information protection tool Akord-Win64 relates to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows a perpetrator to execute arbitrary code using a specially crafted DLL library, by placing it a...

CVE-2017-2802

An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. ...