Search
Total
382 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5911 | 2 Micco, Microsoft | 2 Unlha32.dll, Windows | 2019-02-19 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2019-5913 | 2 Micco, Microsoft | 2 Lhmelting, Windows | 2019-02-19 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-18364 | 1 Symantec | 1 Ghost Solution Suite | 2019-02-13 | 6.0 MEDIUM | 7.3 HIGH |
| Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. | |||||
| CVE-2018-18629 | 1 Keybase | 1 Keybase | 2019-02-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. | |||||
| CVE-2018-16176 | 1 Jaea | 1 Mapping Tool | 2019-01-30 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-15983 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2019-01-28 | 6.8 MEDIUM | 7.8 HIGH |
| Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-16182 | 1 Rakuten-sec | 1 Market Speed | 2019-01-23 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-17980 | 1 Nomachine | 1 Nomachine | 2019-01-22 | 6.8 MEDIUM | 7.8 HIGH |
| NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.). | |||||
| CVE-2018-0667 | 1 Mnc | 2 Inplc-rt Sdk Express, Inplc Sdk Pro\+ | 2019-01-22 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-12245 | 1 Symantec | 1 Endpoint Protection | 2018-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated. | |||||
| CVE-2018-0692 | 1 Baidu | 1 Spark Browser | 2018-12-18 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-15974 | 1 Adobe | 1 Framemaker | 2018-12-17 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-0597 | 1 Microsoft | 1 Visual Studio Code | 2018-11-23 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0649 | 1 Eset | 6 Compusec, Deslock\+ Pro, Internet Security and 3 more | 2018-11-19 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0648 | 1 Chatwork | 1 Chatwork | 2018-11-13 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-5003 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2018-11-08 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-0656 | 1 Sony | 1 Digital Paper App | 2018-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0623 | 1 Yayoi-kk | 6 Aoiro Shinkoku, Hanbai, Kaikei and 3 more | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products. | |||||
| CVE-2018-0624 | 1 Yayoi-kk | 6 Aoiro Shinkoku, Hanbai, Kaikei and 3 more | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products. | |||||
| CVE-2016-7300 | 1 Microsoft | 1 Auto Updater For Mac | 2018-10-12 | 4.6 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." | |||||
| CVE-2016-1417 | 1 Snort | 1 Snort | 2018-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed. | |||||
| CVE-2015-8264 | 1 F-secure | 1 F-secure Online Scanner | 2018-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe. | |||||
| CVE-2017-2190 | 1 Sharp | 1 Rw-4040 | 2018-10-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2192 | 1 Sharp | 1 Rw-5100 | 2018-10-03 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2189 | 1 Sharp | 1 Rw-4040 | 2018-10-03 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0619 | 1 Glarysoft | 1 Glary Utilities | 2018-09-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0620 | 1 Logitech | 1 Game Software | 2018-09-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0621 | 1 Logitech | 1 Connection Utility Software | 2018-09-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-13102 | 2 Anydesk, Microsoft | 2 Anydesk, Windows 7 | 2018-09-11 | 6.8 MEDIUM | 7.8 HIGH |
| AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. | |||||
| CVE-2016-10009 | 1 Openbsd | 1 Openssh | 2018-09-11 | 7.5 HIGH | 7.3 HIGH |
| Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. | |||||
| CVE-2018-13133 | 1 Goldenfrog | 1 Vyprvpn | 2018-09-06 | 4.6 MEDIUM | 7.8 HIGH |
| Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. | |||||
| CVE-2018-0563 | 1 Ntt-east | 2 Flet\'s Virus Clear Easy Setup \& Application Tool, Flet\'s Virus Clear V6 Easy Setup \& Application Tool | 2018-08-30 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-12589 | 1 Polarisoffice | 1 Polaris Office 2017 | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | |||||
| CVE-2018-0599 | 1 Microsoft | 1 Windows | 2018-08-17 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0609 | 1 Linecorp | 1 Line | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0598 | 1 Microsoft | 1 Windows | 2018-08-17 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0600 | 2 Microsoft, Sony | 2 Windows, Playmemories Home | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0601 | 1 Axpdfium Project | 1 Axpdfium | 2018-08-17 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0596 | 1 Microsoft | 1 Visual Studio Community | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0595 | 1 Microsoft | 2 Skype, Windows | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0592 | 1 Microsoft | 1 Onedrive | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0594 | 1 Microsoft | 2 Skype, Windows | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0593 | 1 Microsoft | 1 Onedrive | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-1000201 | 2 Microsoft, Ruby-ffi Project | 2 Windows, Ruby-ffi | 2018-08-13 | 6.8 MEDIUM | 7.8 HIGH |
| ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later. | |||||
| CVE-2017-7755 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2018-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2018-6514 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2018-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. | |||||
| CVE-2018-7884 | 1 Displaylink | 1 Core Software Cleaner | 2018-08-01 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM. | |||||
| CVE-2018-11551 | 1 Nch | 1 Axon Pbx | 2018-07-03 | 9.3 HIGH | 7.8 HIGH |
| AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. | |||||
| CVE-2018-10650 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-4927 | 3 Adobe, Apple, Microsoft | 3 Indesign, Mac Os X, Windows | 2018-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. | |||||