Export limit exceeded: 363015 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (669 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2167 1 Softbank 1 Primedrive Desktop Application 2025-04-20 N/A
Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
CVE-2017-2227 1 Charamin 1 Omp 2025-04-20 N/A
Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2232 1 Moj 1 Shinseiyo Sogo Soft 2025-04-20 N/A
Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2248 1 Chitora 1 Lhaz\+ 2025-04-20 N/A
Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2249 1 Chitora 1 Lhaz\+ 2025-04-20 N/A
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-6189 1 Amazon 1 Kindle For Pc 2025-04-20 N/A
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer.
CVE-2017-2279 1 Kiri 1 Tween 2025-04-20 N/A
Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-1144 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 N/A
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
CVE-2017-3007 2 Adobe, Microsoft 2 Creative Cloud, Windows 2025-04-20 N/A
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.
CVE-2017-16690 1 Sap 1 Plant Connectivity 2025-04-20 N/A
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed.
CVE-2016-8746 1 Apache 1 Ranger 2025-04-20 N/A
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
CVE-2016-6167 1 Putty 1 Putty 2025-04-20 7.8 High
Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.
CVE-2015-0974 1 Mobilis 1 Mobiconnect 2025-04-20 N/A
Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll.
CVE-2014-8358 1 Huawei 6 Ec156, Ec156 Firmware, Ec176 and 3 more 2025-04-20 N/A
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.
CVE-2017-6768 1 Cisco 1 Application Policy Infrastructure Controller 2025-04-20 N/A
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).
CVE-2017-6798 1 Trendmicro 1 Endpoint Sensor 2025-04-20 7.8 High
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.
CVE-2016-4846 1 Securebrain 1 Phishwall Client 2025-04-20 N/A
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2.
CVE-2017-2206 1 Saat 1 Netizen 2025-04-20 N/A
Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2983 1 Adobe 1 Shockwave Player 2025-04-20 N/A
Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.
CVE-2016-7804 1 7-zip 1 7-zip 2025-04-20 N/A
Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.