CWE:
 

Topic
Date
Author
Med.
Progea Movicon 11.5.1181 Search Path Issues
01.11.2017
Karn Ganeshen
Med.
ArcServe UDP - Download Manager/Setup - DLL Hijacking
06.09.2016
sh4d0wman
High
ArcServe UDP - Unquoted Service Path Privilege Escalation
06.09.2016
sh4d0wman
Med.
Corel Software DLL Hijacking
14.01.2015
CORE
Med.
Karotz Smart Rabbit 12.07.19.00 Hijacking & Cleartext Token
02.08.2013
Daniel Crowley


CVEMAP Search Results

CVE
Details
Description
2019-08-23
Medium
CVE-2019-7364

Vendor: Autodesk
Software: Advance steel
 

 
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

 
2019-07-19
Medium
CVE-2019-1010100

Vendor: AKEO
Software: Rufus
 

 
Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.

 
2019-07-15
Medium
CVE-2019-6825

Vendor: Schneider-electric
Software: Proclima
 

 
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.

 
2019-06-25
Medium
CVE-2019-12280

Vendor: DELL
Software: Supportassis...
 

 
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

 
2019-05-22
Medium
CVE-2018-7840

Updating...
 

 
A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL.

 
2019-05-09
High
CVE-2019-6564

Vendor: GE
Software: Communicator
 

 
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.

 
Medium
CVE-2019-6546

Vendor: GE
Software: Communicator
 

 
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.

 
2019-04-17
Low
CVE-2019-1794

Vendor: Cisco
Software: Meeting server
 

 
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.

 
2019-04-11
Medium
CVE-2019-6534

Vendor: Gemalto
Software: Sentinel ult...
 

 
The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file.

 
2019-03-25
Medium
CVE-2015-1014

Vendor: Schneider-electric
Software: Opc factory ...
 

 
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top