12 matches found
CVE-2024-2747
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine...
CVE-2025-54136
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...
CVE-2024-2747
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine...
CVE-2024-2747
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine...
CVE-2024-2747
CVE-2024-2747 affects Schneider Electric Easergy Studio. The root cause is CWE-428: an unquoted search path/element, allowing a local attacker with low privileges to escalate privileges by replacing a trusted file name and rebooting the system. Impact is described as high for confidentiality, int...
PT-2024-2668 · Schneider Electric · Easergy Studio
Name of the Vulnerable Software and Affected Versions: Easergy Studio (affected versions not specified). Description: A vulnerability exists in Easergy Studio due to an unquoted search path or element, which could cause privilege escalation when a valid user replaces a trusted file name on the syste...
EulerOS Virtualization 3.0.1.0 : squashfs-tools (EulerOS-SA-2019-1459)
According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attacke...
CVE-2016-4292
When opening a Hangul HShow Document .hpt and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds...
OSSEC 2.8.1 Local Root Escalation
Fix for CVE-2015-3222, which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1. Beginning in OSSEC 2.7 (d88cf1c9), a feature was added to syscheck, which is the daemon that monitors file changes on a system, called...
OSSEC 2.7 2.8.1 - diff Local Privilege Escalation
Fix for CVE-2015-3222, which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1. Beginning in OSSEC 2.7 (d88cf1c9), a feature was added to syscheck, which is the daemon that...
CVE-2012-4024
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file...
Java webstart also allows execution of arbitrary code
It would seem that I opened up a can of worms when I created my icq + msie advisory the other day, which presented a new way to execute arbitrary code on a user's machine. Java webstart is equally vulnerable. Java webstart is a revolutionary way of deploying java applications and comes standard with j...