Total
580 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-16997 | 2 Gnu, Redhat | 5 Glibc, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2025-04-20 | N/A |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. | ||||
CVE-2017-10865 | 1 Hitachi-solutions | 1 Confidential File Decryption | 2025-04-20 | N/A |
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863. | ||||
CVE-2016-1417 | 1 Snort | 1 Snort | 2025-04-20 | N/A |
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed. | ||||
CVE-2016-1281 | 1 Idrix | 2 Truecrypt, Veracrypt | 2025-04-20 | N/A |
Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs. | ||||
CVE-2017-2108 | 1 Softbank | 1 Primedrive Desktop Application | 2025-04-20 | N/A |
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
CVE-2017-12313 | 1 Cisco | 1 Packet Tracer | 2025-04-20 | N/A |
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. | ||||
CVE-2017-10827 | 1 Ntt | 1 Flets Azukuu Pc Automatic Backup Tool | 2025-04-20 | N/A |
Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
CVE-2017-2268 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2025-04-20 | N/A |
Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
CVE-2017-10885 | 1 Sbisec | 1 Hyper Sbi | 2025-04-20 | N/A |
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
CVE-2017-2267 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2025-04-20 | N/A |
Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
CVE-2017-11749 | 1 Internet-soft | 1 Ftp Commander | 2025-04-20 | 7.8 High |
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. | ||||
CVE-2017-12414 | 1 Pcfreetime | 1 Format Factory | 2025-04-20 | N/A |
Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll. | ||||
CVE-2017-10887 | 2 Bookwalker, Microsoft | 2 Book Walker, Windows | 2025-04-20 | N/A |
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
CVE-2017-2252 | 1 Sourcenext | 1 File Compact | 2025-04-20 | N/A |
Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
CVE-2017-1144 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | N/A |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | ||||
CVE-2015-8264 | 1 F-secure | 1 F-secure Online Scanner | 2025-04-20 | N/A |
Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe. | ||||
CVE-2017-2233 | 1 Moj | 1 Pdf Digital Signature | 2025-04-20 | N/A |
Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
CVE-2017-11657 | 1 Dashlane | 1 Dashlane | 2025-04-20 | 7.3 High |
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory. | ||||
CVE-2014-8358 | 1 Huawei | 6 Ec156, Ec156 Firmware, Ec176 and 3 more | 2025-04-20 | N/A |
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe. | ||||
CVE-2017-2228 | 1 Enecho.meti | 1 Teikihoukokusho Sakuseishien Tool | 2025-04-20 | N/A |
Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |