Total
498 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12280 | 2 Dell, Pc-doctor | 3 Supportassist For Business Pcs, Supportassist For Home Pcs, Toolbox | 2019-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. | |||||
| CVE-2018-7840 | 1 Pelco | 1 Videoxpert Opscenter | 2019-05-23 | 6.8 MEDIUM | 7.8 HIGH |
| A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL. | |||||
| CVE-2018-20211 | 1 Exiftool Project | 1 Exiftool | 2019-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015). | |||||
| CVE-2018-7799 | 1 Schneider-electric | 1 Software Update Utility | 2018-12-27 | 9.3 HIGH | 7.8 HIGH |
| A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. | |||||
| CVE-2018-15976 | 1 Adobe | 1 Technical Communications Suite | 2018-12-17 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-5238 | 1 Symantec | 2 Norton Power Eraser, Symdiag | 2018-11-14 | 6.8 MEDIUM | 7.8 HIGH |
| Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. | |||||
| CVE-2014-8393 | 1 Corel | 5 Coreldraw, Coreldraw Photo Paint, Paint Shop Pro and 2 more | 2018-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. | |||||
| CVE-2017-14020 | 1 Automationdirect | 10 C-more Micro, C-more Micro Firmware, C-more Plc and 7 more | 2018-07-31 | 9.3 HIGH | 7.8 HIGH |
| In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. | |||||
| CVE-2017-9648 | 1 Solarcontrols | 1 Wattconfig M | 2017-08-24 | 9.3 HIGH | 7.8 HIGH |
| An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file. | |||||
| CVE-2017-9646 | 1 Solarcontrols | 1 Heating Control Downloader | 2017-08-24 | 9.3 HIGH | 7.8 HIGH |
| An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file. | |||||
| CVE-2017-9661 | 1 Simplight | 1 Scada | 2017-08-23 | 5.1 MEDIUM | 7.0 HIGH |
| An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code. | |||||
| CVE-2017-2288 | 1 Lhaforge Project | 1 Lhaforge | 2017-08-23 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2287 | 1 Sony | 1 Nfc Port Software Remover | 2017-08-23 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2286 | 1 Sony | 12 Nfc Net Installer, Nfc Port Firmware, Pc\/sc Activator For Type B and 9 more | 2017-08-23 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-4987 | 1 Emc | 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more | 2017-06-29 | 4.4 MEDIUM | 7.3 HIGH |
| In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability. | |||||
| CVE-2017-2210 | 1 Gsi | 1 Patchjgd | 2017-06-22 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-5161 | 1 Sielcosistemi | 2 Winlog Lite, Winlog Pro | 2017-03-15 | 9.3 HIGH | 7.2 HIGH |
| An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. | |||||
| CVE-2016-4526 | 1 Trane | 1 Tracer Sc | 2016-11-28 | 6.9 MEDIUM | 7.5 HIGH |
| ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. | |||||