Total
521 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16182 | 1 Rakuten-sec | 1 Market Speed | 2024-08-05 | N/A |
| Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2018-16156 | 1 Fujitsu | 1 Paperstream Ip \(twain\) | 2024-08-05 | 7.8 High |
| In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege. | ||||
| CVE-2018-15983 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2024-08-05 | N/A |
| Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2018-15974 | 1 Adobe | 1 Framemaker | 2024-08-05 | N/A |
| Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2018-13133 | 1 Goldenfrog | 1 Vyprvpn | 2024-08-05 | N/A |
| Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. | ||||
| CVE-2018-13102 | 2 Anydesk, Microsoft | 2 Anydesk, Windows 7 | 2024-08-05 | N/A |
| AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. | ||||
| CVE-2018-12449 | 1 Navercorp | 1 Whale | 2024-08-05 | N/A |
| The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. | ||||
| CVE-2018-12589 | 1 Polarisoffice | 1 Polaris Office 2017 | 2024-08-05 | N/A |
| Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | ||||
| CVE-2018-12245 | 1 Symantec | 1 Endpoint Protection | 2024-08-05 | N/A |
| Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated. | ||||
| CVE-2018-11551 | 1 Nch | 1 Axon Pbx | 2024-08-05 | N/A |
| AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. | ||||
| CVE-2018-10959 | 1 Beyondtrust | 1 Avecto Defendpoint | 2024-08-05 | N/A |
| Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch. | ||||
| CVE-2018-10904 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-08-05 | 8.8 High |
| It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | ||||
| CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 12 Ubuntu Linux, Debian Linux, Ansible Engine and 9 more | 2024-08-05 | 7.8 High |
| A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | ||||
| CVE-2018-10874 | 1 Redhat | 5 Ansible Engine, Enterprise Linux, Openstack and 2 more | 2024-08-05 | N/A |
| In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | ||||
| CVE-2018-10650 | 1 Citrix | 1 Xenmobile Server | 2024-08-05 | N/A |
| There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | ||||
| CVE-2018-10027 | 1 Estsoft | 1 Alzip | 2024-08-05 | N/A |
| ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders. | ||||
| CVE-2018-7884 | 1 Displaylink | 1 Core Software Cleaner | 2024-08-05 | N/A |
| An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM. | ||||
| CVE-2018-7365 | 1 Zte | 2 Usmartview, Zxcloud Irai | 2024-08-05 | N/A |
| All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. | ||||
| CVE-2018-6700 | 1 Mcafee | 1 True Key | 2024-08-05 | 7.8 High |
| DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. | ||||
| CVE-2018-6461 | 2 March-hare, Microsoft | 2 Wincvs, Windows | 2024-08-05 | N/A |
| March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. | ||||