Total
492 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-10822 | 1 Enecho.meti | 1 Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10891 | 1 Sony | 1 Media Go | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2190 | 1 Sharp | 1 Rw-4040 | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10820 | 1 Ipa | 1 Ip Messenger | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-12313 | 1 Cisco | 1 Packet Tracer | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. | |||||
CVE-2017-10828 | 1 Ntt | 1 Flets Install Tool | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2015-8264 | 1 F-secure | 1 F-secure Online Scanner | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe. | |||||
CVE-2017-2192 | 1 Sharp | 1 Rw-5100 | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10812 | 1 Nttdocomo | 1 Photo Collection Pc Software | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-11742 | 2 Libexpat Project, Microsoft | 2 Libexpat, Windows | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. | |||||
CVE-2017-2269 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2268 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-11749 | 1 Internet-soft | 1 Ftp Commander | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. | |||||
CVE-2017-2193 | 1 Tera Term Project | 1 Tera Term | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2016-8746 | 1 Apache | 1 Ranger | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. | |||||
CVE-2017-2177 | 1 Shogyo | 1 Touki Denshi | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2016-6803 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. | |||||
CVE-2017-2272 | 1 Hibara | 1 Attachecase | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-11657 | 1 Dashlane | 1 Dashlane | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory. | |||||
CVE-2017-10823 | 1 Enecho.meti | 1 Shin Kinkyuji Houkoku Data Nyuryoku Program | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |