Arbitrary Code Execution

github.com/cli/cli is vulnerable to arbitrary code execution. An attacker can inject and execute malicious .\git.exe or .\git.bat files through the %PATH% variable on windows when gh runs on the current working directory...

CVE-2022-22528

SAP Adaptive Server Enterprise ASE - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The...

CVE-2020-12891

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable...

Design/Logic Flaw

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable...

CVE-2020-12891

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable...

AMD Radeon 代码问题漏洞

Amd Radeon is a package of device drivers and utilities for Advanced Micro Devices graphics cards and gpu's from Amd USA. A security vulnerability exists in AMD Radeon Software that stems from the possibility that AMD Radeon Software could be hijacked by a DLL via a path variable. An unprivileged...

CVE-2021-4034

A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters coun...

OPENSUSE-SU-2021:3899-1 Security update for aaa_base

This update for aaabase fixes the following issues: - Allowed ping and ICMP commands without CAPNETRAW bsc1174504. - Add $HOME/.local/bin to PATH, if it exists bsc1192248. - Fixed getkernelversion.c to work also for recent kernels on the s390/X platform bsc1191563. - Support xz compressed kernel...

Dropouts Technologies Llp Super Backup 路径遍历漏洞

Dropouts Technologies Llp Super Backup is a contact backup application from Dropouts Technologies Llp, India. A security vulnerability exists in Dropouts Technologies LLP Super Backup that allows an attacker to perform directory traversal by changing a path variable to request a local list comman...

Node.js: Node Installer Local Privilege Escalation

Node is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. To demonstrate thi...

Authorization Bypass

doas is vulnerable to authorization bypass. The vulnerability exists as the PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command...

CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...

CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...

Command injection

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...

CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...

CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...

CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...

CVE-2019-25016

Summary: CVE-2019-25016 affects OpenDoas (versions 6.6–6.8). When the authenticating rule allowed executing any command, the user’s PATH was inappropriately inherited by the resulting shell, enabling potential local privilege escalation. Rules limited to specific commands were not affected. What’...

CVE-2021-3115

A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have "." listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and...

ezEmu - Simple Execution Of Commands For Defensive Tuning/Research

ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers ", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry. Windows See /Linux for ELF ezEmu is compiled as...