Total
600 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0562 | 1 Coderium | 1 Soundengine | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0561 | 1 Securebrain | 1 Phishwall | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0552 | 1 Securebrain | 1 Phishwall Client | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0544 | 1 Woodybells | 1 Winshot | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0543 | 1 Woodybells | 1 Jtrim | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0540 | 1 Vix Project | 1 Vix | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0517 | 1 Kddi | 1 Anshin Net Security | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0516 | 1 Flets | 1 Address Selection Tool | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0515 | 1 Flets | 1 Azukeru Backup Tool | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0507 | 1 Ntt-east | 2 Flet\'s Virus Clear Easy Setup \& Application Tool, Flet\'s Virus Clear V6 Easy Setup \& Application Tool | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2017-7327 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
|
|||||
| CVE-2017-5696 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access.
|
|||||
| CVE-2017-2802 | 1 Dell | 1 Precision Optimizer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.
|
|||||
| CVE-2017-20123 | 2 Microsoft, Sparklabs | 2 Windows, Viscosity | 2024-11-21 | 6.9 MEDIUM | 8.8 HIGH |
|
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2017-1711 | 1 Ibm | 2 Client Application Access, Notes | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
|
|||||
| CVE-2017-15913 | 1 Navercorp | 1 Whale | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The Installer in Whale allows DLL hijacking.
|
|||||
| CVE-2017-12580 | 1 Ultraedit | 1 Ultraedit | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the a ...
Show More |
|||||
| CVE-2016-6593 | 1 Symantec | 1 Vip Access Desktop | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.
|
|||||
| CVE-2016-10837 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
|
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
|
|||||
| CVE-2014-3860 | 1 Xilisoft | 1 Video Converter | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability
|
|||||
| CVE-2013-3942 | 1 Daum | 1 Potplayer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability
|
|||||
| CVE-2013-3494 | 1 Umplayer Project | 1 Umplayer | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.
|
|||||
| CVE-2013-2773 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution
|
|||||
| CVE-2011-4125 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
|
|||||
| CVE-2024-49043 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-15 | N/A | 7.8 HIGH |
|
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
|
|||||
| CVE-2024-36507 | 1 Fortinet | 1 Forticlient | 2024-11-14 | N/A | 7.8 HIGH |
|
A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.
|
|||||
| CVE-2024-49515 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | N/A | 7.8 HIGH |
|
Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user in ...
Show More |
|||||
| CVE-2024-9325 | 1 Intelbras | 1 Incontrol Web | 2024-11-04 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about t ...
Show More |
|||||
| CVE-2024-43616 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-10-21 | N/A | 7.8 HIGH |
|
Microsoft Office Remote Code Execution Vulnerability
|
|||||
| CVE-2024-47422 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-10-18 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-32266 | 2024-10-18 | N/A | N/A | ||
|
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation.
This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1.
|
|||||
| CVE-2024-43576 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2024-10-16 | N/A | 7.8 HIGH |
|
Microsoft Office Remote Code Execution Vulnerability
|
|||||
| CVE-2024-8733 | 2024-10-04 | N/A | 8.0 HIGH | ||
|
A potential security vulnerability
has been identified in the HP One Agent for certain HP PC products, which might
allow for escalation of privilege. HP is releasing software updates to mitigate
this potential vulnerability.
|
|||||
| CVE-2024-5622 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | N/A | 7.8 HIGH |
|
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
|
|||||
| CVE-2024-5623 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | N/A | 7.8 HIGH |
|
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
|
|||||
| CVE-2024-6473 | 1 Yandex | 1 Yandex Browser | 2024-09-05 | N/A | 7.8 HIGH |
|
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
|
|||||
| CVE-2024-42439 | 1 Zoom | 2 Meeting Software Development Kit, Workplace Desktop | 2024-08-29 | N/A | 6.5 MEDIUM |
|
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
|
|||||
| CVE-2024-6975 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | N/A | 8.8 HIGH |
|
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.
This issue affects SDP Client before 5.10.34.
|
|||||
| CVE-2024-6974 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | N/A | 7.8 HIGH |
|
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
|
|||||
| CVE-2024-41865 | 1 Adobe | 1 Dimension | 2024-08-19 | N/A | 7.8 HIGH |
|
Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction.
|
|||||