Design/Logic Flaw

DISPUTED Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the...

CVE-2012-5381

CVE-2012-5381 describes an untrusted search path vulnerability in PHP 5.3.17 when installed in the top-level C:\ directory. A Trojan horse DLL (wlbsctrl.dll) placed in C:\PHP could be added to PATH and loaded by the IKE and AuthIP IPsec Keying Modules service, potentially allowing local privilege...

CVE-2012-5381

Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an...

CVE-2012-5380

CVE-2012-5380 is an Untrusted search path vulnerability affecting Ruby 1.9.3-p194 installed in the top-level C:. The installation can lead to privilege escalation via a Trojan horse DLL (wlbsctrl.dll) placed in C:\Ruby193\bin that could be added to PATH and loaded by the IKE and AuthIP IPsec Keyi...

CVE-2012-5377

CVE-2012-5377 is an untrusted search path vulnerability in ActivePerl 5.16.1.1601 when installed in the top-level C:\ directory. The installation places a Trojan horse DLL in C:\Perl\Site\bin, which is added to PATH and can be used by a local attacker to gain privileges via a missing DLL (wlbsctr...

CVE-2012-5383

Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system...

CVE-2012-5383

CVE-2012-5383 describes an untrusted search path vulnerability in Oracle MySQL 5.5.28 when installed in the top-level C:\ directory. A Trojan horse DLL (wlbsctrl.dll) in C:\MySQL\MySQL Server 5.5\bin could be added to the PATH by an administrator and loaded by the IKE and AuthIP IPsec Keying Modu...

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...

CVE-2012-5378

Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrate...

CVE-2012-5377

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, a...

CVE-2012-5382

CVE-2012-5382 describes an untrusted search path vulnerability in Zend Server 5.6.0 SP4 when installed in the top-level C:\ directory. A Trojan horse DLL placed in C:\Zend\ZendServer\share\ZendFramework\bin could be added to PATH by an administrator, enabling local privilege escalation via wlbsct...

CVE-2012-5379

CVE-2012-5379 affects ActivePython 3.2.2.3 installed in the top-level C:\ directory, where an untrusted search path can allow a Trojan horse DLL (wlbsctrl.dll) in C:\Python27 or C:\Python27\Scripts to be found via the PATH, enabling local privilege escalation through the IKE and AuthIP IPsec Keyi...

PT-2012-5963 · Microsoft +1 · Windows 8 +4

Name of the Vulnerable Software and Affected Versions: PHP version 5.3.17 Description: The issue is related to an untrusted search path vulnerability in the installation functionality of PHP. This vulnerability might allow local users to gain privileges via a Trojan horse DLL in the C:PHP...

CVE-2012-4187

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

CVE-2012-4187

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

CVE-2012-5343

Cross-site scripting XSS vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO, related to the "PHPSELF" variable...

CVE-2012-5343

Cross-site scripting XSS vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO, related to the "PHPSELF" variable...