Published: 24/06/2016 Updated: 31/12/2016

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Multiple untrusted search path vulnerabilities in cURL and libcurl prior to 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haxx curl

SecurityCenter uses third-party libraries to provide certain standardized functionality Two of these libraries were found to contain vulnerabilities and were fixed upstream Those fixes have been integrated despite there being no known exploitation scenarios related to SecurityCenter cURL / libcurl DLL Hijacking Arbitrary Code Execution cURL / l ...

Wazuh API client for Ruby

Wazuh Ruby Client A Ruby client for the wazuh APIs Installation Add this line to your application's Gemfile: gem 'wazuh-ruby-client' Usage Wazuhconfigure do |config| configendpoint = "wazuhlocal:55000" configbasic_user = "foo" configbasic_password = "bar" configverify_s

CWE-264 http://www.securitytracker.com/id/1036008 https://curl.haxx.se/docs/adv_20160530.html http://www.securityfocus.com/bid/90997 https://nvd.nist.gov https://github.com/mrtc0/wazuh-ruby-client https://www.tenable.com/security/tns-2016-12

CVE-2016-4802

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect