106 matches found
Exploit for CVE-2023-38820
DLL-Planting-Slack-4.33.73-CVE-2023-38820 DLL Planting in the...
Qualys Cloud Agent 代码问题漏洞
Qualys Cloud Agent is a lightweight application from Qualys USA, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent versions prior to 4.5.3.1, which stems from a malicious copy of the Dependency Link Library DLL that allows an...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE by allowing an attacker to load a runtime DLL from an unexpected location. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.16, 7.0.5 or higher. References - Advisory - GitHub Commit -...
PT-2023-1883 · Mcafee · Mcafee Total Protection
Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.49 Description: The issue is related to an uncontrolled search path element in McAfee Total Protection, which can be exploited to elevate user privileges due to DLL sideloading. This could enable...
SUSE CVE-2009-3954
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...
Squirrel.Windows 代码问题漏洞
Squirrel.Windows is a Squirrel open source installation and update framework for Windows desktop applications. A security vulnerability exists in Squirrel.Windows version 2.0.1 and prior versions, which stems from an issue with the installer containing a DLL search path, which could lead to unsaf...
PT-2022-27985 · Jetbrains · Jetbrains Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2022.3 Description: The issue allows for a DYLIB injection on macOS. This means that an attacker could potentially inject malicious code into the system. No information is provided about the estimated...
PT-2022-7153 · Autodesk · Autodesk Installer
Name of the Vulnerable Software and Affected Versions: Autodesk Installer affected versions not specified Description: The issue is related to a maliciously crafted DLL file that can be forced to write beyond allocated boundaries when the Autodesk installer parses the DLL files. This could lead t...
Qt 代码问题漏洞
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
Softing Secure Integration Server 路径遍历漏洞
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A path traversal vulnerability exists in Softing Secure...
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...
HiBARA Software AttacheCase 代码问题漏洞
HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 4.0.2.7, which arises from loading DLL libraries in an insecure manner. A remote attacker can...
HiBARA Software AttacheCase 代码问题漏洞
HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 3.6.1.0, which arises from an application loading DLL libraries in an insecure manner. A remo...
CVE-2020-25182
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
CVE-2022-25969
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL or some other DLLs, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer...
Installer of Trend Micro Portable Security may insecurely load Dynamic Link Libraries
Overview Trend Micro Incorporated has released a security update for Trend Micro Portable Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A local attacker may obtain the administrative privilege when the product's...
CVE-2022-23401
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...
Fortinet FortiClient 代码问题漏洞
FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance.FortiClient is vulnerable to an elevation of privilege...
ISaGRAF 代码问题漏洞
Rockwell Automation ISaGRAF is an automation software technology for creating integrated automation solutions from Rockwell Automation. It is designed to be scalable and portable and is suitable for the development of small controllers and large distributed automation systems. ISaGRAF suffers fro...
Windows Migration Assistant < 2.2.0.0 Arbitrary Code Execution (HT211186)
According to its self-reported version number, the version of Windows Migration Assistant installed on the remote host is prior to 2.2.0.0. It is, therefore, affected by an arbitrary code execution vulnerability due to a dynamic library loading issue. An unauthenticated, local attacker can exploi...