142 matches found
CVE-2024-45207
DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently,...
CVE-2024-45207
CVE-2024-45207 affects Veeam Agent for Windows (Microsoft Windows) where DLL injection can occur if PATH contains insecure directories. The agent searches PATH for DLLs and may load a malicious DLL placed in those directories, enabling code execution with potential unauthorized access, data theft...
postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code
A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables...
SUSE CVE-2024-10979
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...
CVE-2021-26738
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges...
CVE-2021-26738 Privilege Escalation for ZCC macOS via PATH Variable
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges...
Zscaler Client Connector Code Issue Vulnerability
Zscaler Client Connector is an application from Zscaler that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...
Exploit for CVE-2023-21746
It is an exploit module/toolkit targeting a vulnerability in a s...
PT-2023-25389 · Shescape · Shescape
Name of the Vulnerable Software and Affected Versions: Shescape versions prior to 1.7.1 Description: An attacker may be able to get read-only access to environment variables. This issue affects users of Shescape on Windows using the Windows Command Prompt, and when using quote/quoteAll or...
Important: libXpm
Issue Overview: A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE-2022-44617 A flaw was found ...
SUSE CVE-2006-1296
Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH...
SUSE CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable...
ROS-20230124-05
A vulnerability in the X Pixmap (XPM) libXpm image file library is related to an infinite loop when processing unclosed comments in XPM images in the ParseComment function. Exploitation: The vulnerability could allow ...
libXpm: compression commands depend on $PATH
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
libXpm Code Issue Vulnerability
libXpm is an open source image file format library. A code issue vulnerability exists in libXpm. An attacker could exploit this vulnerability to execute other programs by manipulating the PATH environment variable...
CVE-2022-31739
When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. This bug only affects Firefox for Windows. Other operating systems are unaffected. This...
Mist Code Issue Vulnerability
Mist is makedeb's open source official command line interface to the makedeb package repository. A code issue vulnerability exists in Mist 0.9.5 and earlier versions, which stems from a user-supplied sudo binary via the PATH variable that allows a local user to run arbitrary commands on the...
Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners
A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple an...
CVE-2021-45492
In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set explicit permissions...