CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2019-06-13
Medium
CVE-2019-5245

Vendor: Huawei
Software: Hisuite
 

 
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code.

 
2019-06-12
Medium
CVE-2019-10971

Vendor: Omron
Software: Network conf...
 

 
The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories.

 
2019-06-03
High
CVE-2019-12177

Updating...
 

 
Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.

 
2019-06-02
High
CVE-2019-12569

Vendor: Rakuten
Software: Viber
 

 
A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

 
2019-05-28
High
CVE-2019-5589

Vendor: Fortinet
Software: Forticlient
 

 
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.

 
2019-05-24
Medium
CVE-2019-7093

Vendor: Adobe
Software: Creative cloud
 

 
Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

 
2019-05-17
Medium
CVE-2019-5957

Vendor: Soumu
Software: Electronic r...
 

 
Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

 
Medium
CVE-2018-16156

Vendor: Fujitsu
Software: Paperstream ...
 

 
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.

 
Medium
CVE-2019-5958

Vendor: Soumu
Software: Electronic r...
 

 
Untrusted search path vulnerability in Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

 
2019-05-10
Medium
CVE-2019-5676

Vendor: Nvidia
Software: Gpu driver
 

 
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top