7 matches found
EUVD-2018-3379
Malware in sbrugna...
CVE-2024-8616
CVE-2024-8616 affects h2oai/h2o-3 v3.46.0. The flaw resides in the /99/Models/{name}/json handler where user-controllable exportModelDetails uses the mexport.dir parameter to choose the file path, enabling arbitrary file overwrite on the host. This is due to inadequate validation in the underlyin...
CVE-2024-39613
Mattermost Desktop App versions =5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine...
WEM Database Creation Error Message regarding "Path Specified" when creating WEM database
When attempting to create a WEM Database using the Database Management Utility Console, it fails with: "Database Creation Error". The Citrix WEM Database Management Utility Debug Log shows the following exception: "Exception - CreateVuemdb.Run : SqlDatabaseHelper. connection Error : 5133 | Directory...
McAfee VirusScan 8.0 Path Specification Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16040/info McAfee VirusScan is prone to a vulnerability that could allow an arbitrary file to be executed. The 'naPrdMgr.exe' process calls applications without using properly quoted paths. Successful exploitation may all...
Hole in gtk+ (GTK_MODULES)
A user can specify the location of libraries via the GTKMODULES variable...
sysback makes call to hostname without a fully qualified path specification
Overview: sysback, shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname. Description: sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders...