Total
493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10650 | 1 Citrix | 1 Xenmobile Server | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-0592 | 1 Microsoft | 1 Onedrive | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0552 | 1 Securebrain | 1 Phishwall Client | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2802 | 1 Dell | 1 Precision Optimizer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. | |||||
| CVE-2018-1000201 | 2 Microsoft, Ruby-ffi Project | 2 Windows, Ruby-ffi | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later. | |||||
| CVE-2018-6318 | 1 Sophos | 1 Sophos Tester | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack. | |||||
| CVE-2018-6514 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. | |||||
| CVE-2018-10027 | 1 Estsoft | 1 Alzip | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders. | |||||
| CVE-2018-6218 | 1 Trendmicro | 5 Deep Security, Endpoint Sensor, Officescan and 2 more | 2024-02-04 | 5.1 MEDIUM | 7.0 HIGH |
| A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | |||||
| CVE-2018-0601 | 1 Axpdfium Project | 1 Axpdfium | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-12589 | 1 Polarisoffice | 1 Polaris Office 2017 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | |||||
| CVE-2018-7239 | 1 Schneider-electric | 13 Atv12 Dtm, Atv212 Dtm, Atv312 Dtm and 10 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. | |||||
| CVE-2018-13102 | 2 Anydesk, Microsoft | 2 Anydesk, Windows 7 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. | |||||
| CVE-2018-0593 | 1 Microsoft | 1 Onedrive | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0543 | 1 Woodybells | 1 Jtrim | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0544 | 1 Woodybells | 1 Winshot | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0598 | 1 Microsoft | 1 Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0580 | 1 Celsys | 3 Clip Studio Action, Clip Studio Modeler, Clip Studio Paint | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0516 | 1 Flets | 1 Address Selection Tool | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0595 | 1 Microsoft | 2 Skype, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||