VYPR

CWE-426

Untrusted Search Path

BaseStableLikelihood: High

Description

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-38

CVEs mapped to this weakness (355)

page 18 of 18
  • CVE-2022-26183Mar 21, 2022
    risk 0.00cvss epss 0.02

    PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

  • CVE-2022-26184Mar 21, 2022
    risk 0.00cvss epss 0.02

    Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows…

  • CVE-2021-21237Jan 15, 2021
    risk 0.00cvss epss 0.00

    Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does…

  • CVE-2015-3987May 14, 2015
    risk 0.00cvss epss 0.00

    Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors.

  • CVE-2011-5158Sep 7, 2012
    risk 0.00cvss epss 0.02

    Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working…

  • CVE-2010-5250Sep 7, 2012
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained…

  • CVE-2012-2040Jun 9, 2012
    risk 0.00cvss epss 0.04

    Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on…

  • CVE-2011-3640Oct 28, 2011
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was…

  • CVE-2011-3691Sep 27, 2011
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.

  • CVE-2010-4833Sep 6, 2011
    risk 0.00cvss epss 0.02

    Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.

  • CVE-2010-4831Sep 6, 2011
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.

  • CVE-2010-3159Oct 25, 2010
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

  • CVE-2009-0314Jan 28, 2009
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

  • CVE-2008-5983Jan 28, 2009
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code…

  • CVE-2008-3357Aug 5, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."