142 matches found
PT-2020-13860 · Codiad · Codiad
Name of the Vulnerable Software and Affected Versions: Codiad versions 1.7.8 and later. Description: A Cross-Site Scripting (XSS) issue was found due to improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. The vendor states that Codiad is no long...
PT-2020-12538 · Facebook · Osquery
Name of the Vulnerable Software and Affected Versions: osquery versions prior to 4.4.0. Description: The issue allows for a privilege escalation. If a Windows system has a PATH containing a user-writable directory, a local user can create a zlib1.dll DLL that osquery will attempt to load, enabling...
CVE-2020-7458
In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap-allocated stack, possibly leading to arbitrary code execution...
Linux: Strictly define variable user PATH variable
The requirement aims to prevent system commands from being replaced by malicious commands, ensuring that system commands can be executed securely. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
CVE-2019-20406
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1, allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable to inject code &...
CVE-2012-2248
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable...
DEBIAN-CVE-2012-2248
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable...
CVE-2012-2248
CVE-2012-2248 affects dhclient 4.3.1-6 due to an embedded path variable, described across multiple sources as a path traversal issue. The available connected documents consistently identify the problem as a vulnerability in the dhclient component, but do not provide concrete exploitation steps, a...
CVE-2018-16156
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes...
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...
Design/Logic Flaw
In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to...
Progress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/7916/info. It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen function used by several Progress utilities checks the user's PATH...
Roxio Toast 7 DejaVu Component PATH Variable Local Privilege Escalation Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/19596/info. Roxio Toast is prone to a local privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. As a result, local users may set their own search path for external applications tha...
CVE-2012-5381
CVE-2012-5381 describes an untrusted search path vulnerability in PHP 5.3.17 when installed in the top-level C:\ directory. A Trojan horse DLL (wlbsctrl.dll) placed in C:\PHP could be added to PATH and loaded by the IKE and AuthIP IPsec Keying Modules service, potentially allowing local privilege...
CVE-2012-5377
Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, a...