PT-2025-36904

Name of the Vulnerable Software and Affected Versions: Sunshine for Windows version v2025.122.141614 Description: Sunshine for Windows version v2025.122.141614 contains a DLL search-order hijacking vulnerability. This allows attackers to insert a malicious DLL into user-writable PATH directories...

BIT-LIBPYTHON-2022-26488

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabl...

Exploit for CVE-2024-53588

iTop-privesc MY FIRST 0-DAY!!! - CVE-2024-53588 A privileg...

SUSE CVE-2019-11753

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...

CVE-2021-45492

In Sage 300 ERP formerly accpac through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set explicit permissions...

phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: phpIPAM 1.4.5 - Remote Code Execution RCE Authenticated Date: 2022-04-10 Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS...

CVE-2021-40981

ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory...

CVE-2021-28246

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...

PT-2021-17834 · Ca · Ca Ehealth Performance Manager

Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions 6.3.2.12 and earlier Description: The issue allows for privilege escalation via a dynamically linked shared object library. To exploit this, the ehealth user must create a malicious library in the...

Exploit for Command Injection in Saltstack Salt

CVE-2020-28243 A command injection vulnerability in SaltStack...

GlassWire: Uncontrolled Search Path Element allows DLL hijacking for priv esc to SYSTEM

GlassWire contains a DLL hijacking vulnerability that could allow an authenticated attacker to execute arbitrary code on the targeted system. The vulnerability exists due to GlassWire loading DLL files from the PATH environment variable without verification. The machine should have at least one...

CVE-2019-11528

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...

CVE-2019-11528

CVE-2019-11528 affects Softing uaGate SI 1.60.01. The issue is that a system default path for executables is user-writable, allowing an attacker to modify or add executables in that path. No remediation details are provided in the connected documents. If exploiting details are present, they are n...

HP Managed Printing Administration jobAcct Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Microsoft Windows RIS TFTP Service Writable Path (MS06-077; CVE-2006-5584)

The Remote Installation Service, RIS, is a Microsoft-supplied server that provides tools that facilitates the remote installation of Microsoft Windows. RIS requires that remote clients have a Preboot eXecution Environment PXE BIOS enabled to remotely execute boot environment variables. On Microso...

Microsoft Security Bulletin MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

Microsoft Security Bulletin MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution 926121 Published: December 12, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum...