Search
Total
429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0692 | 1 Baidu | 1 Spark Browser | 2018-12-18 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-15974 | 1 Adobe | 1 Framemaker | 2018-12-17 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-0597 | 1 Microsoft | 1 Visual Studio Code | 2018-11-23 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0649 | 1 Eset | 6 Compusec, Deslock\+ Pro, Internet Security and 3 more | 2018-11-19 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0648 | 1 Chatwork | 1 Chatwork | 2018-11-13 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-5003 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2018-11-08 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-0656 | 1 Sony | 1 Digital Paper App | 2018-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0623 | 1 Yayoi-kk | 6 Aoiro Shinkoku, Hanbai, Kaikei and 3 more | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products. | |||||
| CVE-2018-0624 | 1 Yayoi-kk | 6 Aoiro Shinkoku, Hanbai, Kaikei and 3 more | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products. | |||||
| CVE-2016-7300 | 1 Microsoft | 1 Auto Updater For Mac | 2018-10-12 | 4.6 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." | |||||
| CVE-2016-1417 | 1 Snort | 1 Snort | 2018-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed. | |||||
| CVE-2015-8264 | 1 F-secure | 1 F-secure Online Scanner | 2018-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe. | |||||
| CVE-2017-2190 | 1 Sharp | 1 Rw-4040 | 2018-10-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2189 | 1 Sharp | 1 Rw-4040 | 2018-10-03 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2192 | 1 Sharp | 1 Rw-5100 | 2018-10-03 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0619 | 1 Glarysoft | 1 Glary Utilities | 2018-09-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0620 | 1 Logitech | 1 Game Software | 2018-09-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0621 | 1 Logitech | 1 Connection Utility Software | 2018-09-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-13102 | 2 Anydesk, Microsoft | 2 Anydesk, Windows 7 | 2018-09-11 | 6.8 MEDIUM | 7.8 HIGH |
| AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. | |||||
| CVE-2016-10009 | 1 Openbsd | 1 Openssh | 2018-09-11 | 7.5 HIGH | 7.3 HIGH |
| Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. | |||||
| CVE-2018-13133 | 1 Goldenfrog | 1 Vyprvpn | 2018-09-06 | 4.6 MEDIUM | 7.8 HIGH |
| Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. | |||||
| CVE-2018-0563 | 1 Ntt-east | 2 Flet\'s Virus Clear Easy Setup \& Application Tool, Flet\'s Virus Clear V6 Easy Setup \& Application Tool | 2018-08-30 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-12589 | 1 Polarisoffice | 1 Polaris Office 2017 | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | |||||
| CVE-2018-0609 | 1 Linecorp | 1 Line | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0599 | 1 Microsoft | 1 Windows | 2018-08-17 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0598 | 1 Microsoft | 1 Windows | 2018-08-17 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0600 | 2 Microsoft, Sony | 2 Windows, Playmemories Home | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0601 | 1 Axpdfium Project | 1 Axpdfium | 2018-08-17 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0596 | 1 Microsoft | 1 Visual Studio Community | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0595 | 1 Microsoft | 2 Skype, Windows | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0593 | 1 Microsoft | 1 Onedrive | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0594 | 1 Microsoft | 2 Skype, Windows | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0592 | 1 Microsoft | 1 Onedrive | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-1000201 | 2 Microsoft, Ruby-ffi Project | 2 Windows, Ruby-ffi | 2018-08-13 | 6.8 MEDIUM | 7.8 HIGH |
| ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later. | |||||
| CVE-2017-7755 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2018-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2018-6514 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2018-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. | |||||
| CVE-2018-7884 | 1 Displaylink | 1 Core Software Cleaner | 2018-08-01 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM. | |||||
| CVE-2018-11551 | 1 Nch | 1 Axon Pbx | 2018-07-03 | 9.3 HIGH | 7.8 HIGH |
| AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. | |||||
| CVE-2018-10650 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-4927 | 3 Adobe, Apple, Microsoft | 3 Indesign, Mac Os X, Windows | 2018-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
| CVE-2018-0580 | 1 Celsys | 3 Clip Studio Action, Clip Studio Modeler, Clip Studio Paint | 2018-06-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-10027 | 1 Estsoft | 1 Alzip | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders. | |||||
| CVE-2017-15913 | 1 Navercorp | 1 Whale | 2018-06-16 | 6.8 MEDIUM | 7.8 HIGH |
| The Installer in Whale allows DLL hijacking. | |||||
| CVE-2017-2802 | 1 Dell | 1 Precision Optimizer | 2018-06-13 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. | |||||
| CVE-2011-5158 | 1 Datev | 1 Grundpaket Basis | 2018-05-23 | 9.3 HIGH | N/A |
| Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2018-6306 | 1 Kaspersky | 1 Password Manager | 2018-05-22 | 6.8 MEDIUM | 7.8 HIGH |
| Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | |||||
| CVE-2018-0561 | 1 Securebrain | 1 Phishwall | 2018-05-21 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0562 | 1 Coderium | 1 Soundengine | 2018-05-21 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0552 | 1 Securebrain | 1 Phishwall Client | 2018-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0540 | 1 Vix Project | 1 Vix | 2018-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||