621 matches found

Packet Storm
added 2023/05/10 12:0 a.m. | 280 views

Soft-o Free Password Manager 1.1.20 DLL Hijacking

Title: Soft-o Free Password Manager 1.1.20 DLL hijacking
Credit: Christian Bortone
CVE: CVE-2023-25428
Date: 08/05/2023 (dd/mm/yyyy)
Details: PMHook.dll is vulnerable to DLL hijacking attacks. An attacker can launch a DLL hijacking attack by placing a malicious DLL named PMHook.dll in the target...

AI score 7.1 | EPSS 0.00466
Exploits: 1
Japan Vulnerability Notes
added 2023/04/14 12:0 a.m. | 24 views

JVN#76257155: Trend Micro Security may insecurely load Dynamic Link Libraries

Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427). While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application executable may...

CVSS 7.8 | AI score 7.6 | EPSS 0.00367
Exploits: 0
Snyk
added 2023/04/11 10:2 p.m. | 3 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) by allowing an attacker to load a runtime DLL from an unexpected location.
Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 6.0.16, 7.0.5 or higher.
References: Advisory - GitHub Commit -...

CVSS 7.8 | AI score 7.5 | EPSS 0.01531
Exploits: 0 | References: 2
Snyk
added 2023/04/11 10:2 p.m. | 2 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) by allowing an attacker to load a runtime DLL from an unexpected location.
Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 6.0.16, 7.0.5 or higher.
References: Advisory - GitHub Commit -...

CVSS 7.8 | AI score 7.5 | EPSS 0.01531
Exploits: 0 | References: 2
RedhatCVE
added 2023/04/11 4:58 p.m. | 53 views

CVE-2023-28260

A vulnerability was found in dotNet. A runtime DLL may be loaded from an unexpected location, resulting in remote code execution...

CVSS 7.8 | AI score 7.9 | EPSS 0.01531
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 3:56 a.m. | 4 views

SUSE CVE-2020-15657

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This...

CVSS 7.8 | AI score 8.2 | EPSS 0.00353
Exploits: 0 | References: 11
NVD
added 2023/02/07 3:15 a.m. | 20 views

CVE-2022-31611

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to...

CVSS 7.3 | AI score 7 | EPSS 0.00209
Exploits: 0 | References: 1
Vulnrichment
added 2023/02/07 2:22 a.m. | 6 views

CVE-2022-31611

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to...

CVSS 6.8 | AI score 7.6 | EPSS 0.00209
Exploits: 0 | References: 1
OSV
added 2022/11/18 11:15 p.m. | 2 views

CVE-2022-31694

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer...

CVSS 7.3 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 1
Cvelist
added 2022/11/18 12:0 a.m. | 19 views

CVE-2022-31694

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer...

AI score 7.5 | EPSS 0.00218
Exploits: 0 | References: 1
NVD
added 2022/11/04 1:15 p.m. | 28 views

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...

CVSS 7.8 | EPSS 0.0011
Exploits: 0 | References: 1
CNNVD
added 2022/11/04 12:0 a.m. | 3 views

Schneider Electric EcoStruxure Operator Terminal Expert Path Traversal Vulnerability

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...

CVSS 7.8 | AI score 7.6 | EPSS 0.00215
Exploits: 0 | References: 2
CNVD
added 2022/10/13 12:0 a.m. | 2 views

SONY Content Transfer Code Issue Vulnerability

SONY Content Transfer is a file transfer software from Sony Japan. It is suitable for customers who manage music, video, photo, and podcast content using iTunes, etc. SONY Content Transfer suffers from a code issue vulnerability that stems from the installer containing a DLL search path issue tha...

CVSS 7.8 | AI score 7.7 | EPSS 0.00204
Exploits: 0 | References: 1
ATTACKERKB
added 2022/10/10 9:15 p.m. | 3 views

CVE-2022-41747

An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 7.8 | AI score 7.3 | EPSS 0.0023
Exploits: 0 | References: 3
Positive Technologies
added 2022/10/07 12:0 a.m. | 3 views

PT-2022-26053 · Trend Micro · Trend Micro Apex One

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified)
Description: The issue is related to an improper certification validation vulnerability in Trend Micro Apex One agents. This could allow a local attacker to load a DLL file with system...

CVSS 7.8 | AI score 7.4 | EPSS 0.0023
Exploits: 0 | References: 5
BDU FSTEC
added 2022/10/03 12:0 a.m. | 4 views

The vulnerability of the DLL library loading mechanism of the Firefox web browser for Windows allows a hacker to trigger a service failure.

The vulnerability of the Firefox web browser’s DLL library loading mechanism for Windows is related to the absence of quotation marks in the code for elements or search paths. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 3.3 | AI score 7.2 | EPSS 0.00244
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2022/09/16 8:18 p.m. | 7 views

CVE-2022-2333 Honeywell SoftMaster Uncontrolled Search Path Element

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions...

CVSS 8.8 | AI score 8.8 | EPSS 0.00997
Exploits: 0 | References: 2
Japan Vulnerability Notes
added 2022/08/29 12:0 a.m. | 24 views

JVN#44721267: Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries

Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Impact: Arbitrary code may be executed with the privilege of the user invoking the installer.
Solution: Use the lates...

CVSS 7.8 | AI score 7.8 | EPSS 0.0021
Exploits: 0
BDU FSTEC
added 2022/07/13 12:0 a.m. | 6 views

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in an uncontrolled element of the loading process for DLL libraries. This allows a hacker to execute arbitrary code.

The vulnerability of the SIMATIC Energy Manager Basic and SIMATIC Energy Manager PRO software lies in an uncontrolled element of the loading process when libraries of DLL files are loaded. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...

CVSS 7.3 | AI score 7.5 | EPSS 0.00307
Exploits: 0 | References: 2
BDU FSTEC
added 2022/06/22 12:0 a.m. | 6 views

The vulnerability of the Yandex Browser installer allows a hacker to execute arbitrary code.

The vulnerability of the Yandex Browser installer exists due to the lack of checks for the loading of files such as dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll, and profapi.dll. Exploiting this vulnerability allows a hacker to execute arbitrary code...

CVSS 7.8 | AI score 7.5 | EPSS 0.01422
Exploits: 0 | References: 2 | Affected Software: 1