621 matches found
CVE-2017-20052
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
pgAdmin Code Issue Vulnerability
pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin4 that originates from an application loading a DLL via Python 2.7.13 that may load the wrong DLL file. An attacker can exploit this vulnerability t...
CVE-2022-30700
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2022-28394
EOL Product CVE - Installer of Trend Micro Password Manager Consumer versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Please note that this was reported on an EOL...
Design/Logic Flaw
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
Trend Micro Apex One Security Vulnerability
Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One that originates from a misassigned privilege in the service. A local attacker could exploit the vulnerability by loading a DLL on an affected installation to achieve...
Uncontrolled Search Path Element
Overview: std/runtime is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Search Path Element. Go Vulnerability Report: via the LoadLibrary process. An attacker can execute arbitrary code by placing a malicious DLL in a location where it wi...
Trend Micro Password Manager Code Issue Vulnerability
Trend Micro Password Manager is an application for managing website passwords and login IDs from Trend Micro. A code issue vulnerability exists in the Trend Micro Password Manager Installer that arises from the application loading a DLL library in an insecure manner. A remote attacker could use a...
Palo Alto Networks Cortex XDR Agent Code Issue Vulnerability
Palo Alto Networks Cortex XDR Agent is an endpoint security software from Palo Alto Networks. A code issue vulnerability exists in Palo Alto Networks Cortex XDR Agent that originates from an application loading DLL libraries in an insecure manner. An attacker could use this vulnerability to place...
The vulnerability of the DLL file loading mechanism of the NoMachine remote desktop access system allows a hacker to execute arbitrary code.
The vulnerability of the DLL file loading mechanism of the NoMachine remote desktop access system is related to incorrect handling of the path for finding DLL libraries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2021-33436
NoMachine for Windows prior to versions 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as ...
CVE-2020-25182
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
Yokogawa CENTUM and Exaopc Uncontrolled Search Path Element (CVE-2022-23401)
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. This plugin only work...
CVE-2022-25969
The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL or some other DLLs, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer...
CVE-2022-26511
WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading)...
Directory traversal
WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading)...
CVE-2022-26511
CVE-2022-26511 affects WPS Presentation 11.8.0.5745 where DLL loading is insecure: it loads d3dx9_41.dll from the current directory when opening .pps files, enabling potential arbitrary code execution. Affected product: KINGSOFT WPS Presentation (part of WPS Office). Root cause: insecure DLL load...
KINGSOFT Installer of WPS Office Code Issue Vulnerability
KINGSOFT Installer of WPS Office is an installer and setup program for WPS Office from the Chinese company KINGSOFT. A code issue vulnerability exists in KINGSOFT Installer of WPS Office versions 10.8.0.5745 through 10.8.0.6186, which stems from the application loading DLL libraries in an insecur...
JVN#21234459: Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"
"WPS Office" and "KINGSOFT Internet Security" provided by KINGSOFT JAPAN, INC. contain multiple vulnerabilities listed below.

Stack-based buffer overflow (CWE-121) - CVE-2022-25949

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Base Score: 8.8
CVSS v2|...