CVE 2014-2096
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.
See the
CVE page on Mitre.org
for more details.