CWE:
 

| | Title | Date | Author |
|---|---|---|---|
| Med. | SentinelOne sentinelagent 22.3.2.5 Privilege Escalation | 07.12.2022 | ouch_this_hurts |
| Med. | Microsoft SAFER Bypass | 30.04.2021 | Stefan Kanthak |
| Med. | Progea Movicon 11.5.1181 Search Path Issues | 01.11.2017 | Karn Ganeshen |
| Med. | ArcServe UDP - Download Manager/Setup - DLL Hijacking | 06.09.2016 | sh4d0wman |
| High | ArcServe UDP - Unquoted Service Path Privilege Escalation | 06.09.2016 | sh4d0wman |
| Med. | Corel Software DLL Hijacking | 14.01.2015 | CORE |
| Med. | Karotz Smart Rabbit 12.07.19.00 Hijacking & Cleartext Token | 02.08.2013 | Daniel Crowley |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-01-03
Waiting for details
CVE-2023-6338

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

 
2023-12-25
Waiting for details
CVE-2023-43064

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.

 
2023-12-17
Waiting for details
CVE-2023-6891

A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release.

 
2023-12-12
Waiting for details
CVE-2023-41117

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.

 
Waiting for details
CVE-2023-48677

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901.

 
Waiting for details
CVE-2020-28369

In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.

 
2023-12-08
Waiting for details
CVE-2023-6061

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
* MMXFax.exe
* winfax.dll
* MelSim2ComProc.exe
* Sim2ComProc.dll
* MMXCall_in.exe
* libdxxmt.dll
* libsrlmt.dll

 
2023-12-07
Waiting for details
CVE-2023-48861

DLL hijacking vulnerability in TTplayer version 7.0.2 allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

 
2023-10-09
Waiting for details
CVE-2023-5463

A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2023-09-30
Waiting for details
CVE-2022-4956

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.

 

 


Copyright 2024, cxsecurity.com

 
