Total
492 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-10825 | 1 Flets-w | 1 Flets Easy Setup Tool | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10864 | 1 Hitachi-solutions | 1 Confidential File Viewer | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2242 | 1 Ntt | 1 Flets Setsuzoku Tool | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-8137 | 1 Huawei | 1 Hedex Lite | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking. | |||||
CVE-2017-10849 | 1 Fujixerox | 1 Docuworks | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2248 | 1 Chitora | 1 Lhaz\+ | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10858 | 1 Daj | 1 I-filter Installer | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10848 | 1 Fujixerox | 2 Docuworks, Docuworks Viewer Light | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10821 | 1 Enecho.meti | 1 Shin Kikan Toukei Houkoku Data Nyuryokuyou Program | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2178 | 1 Atla | 1 Electronic Tendering And Bid Opening System | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-16690 | 1 Sap | 1 Plant Connectivity | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed. | |||||
CVE-2017-10885 | 1 Sbisec | 1 Hyper Sbi | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2252 | 1 Sourcenext | 1 File Compact | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2289 | 1 Kddi | 2 Qua Station, Qua Station Firmware | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-15566 | 1 Schedmd | 1 Slurm | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. | |||||
CVE-2017-10836 | 1 Optim | 1 Optimal Guard | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2227 | 1 Charamin | 1 Omp | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-1144 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2024-02-04 | 1.9 LOW | 2.5 LOW |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | |||||
CVE-2017-12252 | 1 Cisco | 1 Findit Network Discovery Utility | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCve89785. | |||||
CVE-2017-2206 | 1 Saat | 1 Netizen | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |