Lucene search

924 matches found

Positive Technologies
added 2023/03/13 12:0 a.m. · 3 views

PT-2023-1883 · McAfee · McAfee Total Protection

Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.49 Description: The issue is related to an uncontrolled search path element in McAfee Total Protection, which can be exploited to elevate user privileges due to DLL sideloading. This could enable...

CVSS 5.5 · AI score 7.2 · EPSS 0.00055
Exploits: 0 · References: 9

CNNVD
added 2023/03/10 12:0 a.m. · 1 view

Trend Micro Apex One code issue vulnerability

Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One that could allow an attacker who had previously gained administrative privileges through other means to bypass the protection by...

CVSS 6.7 · AI score 7.2 · EPSS 0.00065
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 6:5 a.m. · 2 views

SUSE CVE-2009-0521

Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH...

CVSS 4.6 · AI score 6.7 · EPSS 0.00372
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 6:1 a.m. · 2 views

SUSE CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

CVSS 10 · AI score 7.9 · EPSS 0.06276
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:57 a.m. · 2 views

SUSE CVE-2010-3386

usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

CVSS 6.9 · AI score 6.9 · EPSS 0.00046
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 5:56 a.m. · 3 views

SUSE CVE-2010-3976

Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a fi...

CVSS 9.3 · AI score 7.7 · EPSS 0.07653
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 5:54 a.m. · 2 views

SUSE CVE-2011-0575

Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory...

CVSS 6.9 · AI score 7.1 · EPSS 0.0013
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 5:48 a.m. · 2 views

SUSE CVE-2012-0883

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

CVSS 6.9 · AI score 7.2 · EPSS 0.00197
Exploits: 4 · References: 7

SUSE CVE
added 2023/02/15 4:59 a.m. · 1 view

SUSE CVE-2016-6167

Multiple untrusted search path vulnerabilities in PuTTY beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory...

CVSS 7.8 · AI score 7.7 · EPSS 0.00119
Exploits: 2 · References: 3

SUSE CVE
added 2023/02/15 4:35 a.m. · 4 views

SUSE CVE-2017-1000010

Audacity 2.1.2 through 2.3.2 is vulnerable to DLL hijacking in the avformat-55.dll, resulting in arbitrary code execution...

CVSS 7.8 · AI score 8 · EPSS 0.01015
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 4:20 a.m. · 1 view

SUSE CVE-2018-1000201

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS when a Symbol is used as DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later...

CVSS 7.8 · AI score 7 · EPSS 0.00237
Exploits: 0 · References: 3

Positive Technologies
added 2023/02/03 12:0 a.m. · 3 views

PT-2023-3022 · Telegram · Telegram

Name of the Vulnerable Software and Affected Versions: Telegram versions 9.3.1 through 9.4.0 Description: The issue is related to insufficient access control in Telegram, allowing remote attackers to access restricted files, the microphone, or video recording. This is achieved via the DYLD INSERT...

CVSS 5.5 · AI score 7.2 · EPSS 0.05183
Exploits: 2 · References: 25

AlpineLinux
added 2023/01/27 12:0 a.m. · 2 views

CVE-2022-47632

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed a...

CVSS 6.8 · AI score 6.9 · EPSS 0.00062
Exploits: 4 · References: 5

CNNVD
added 2022/12/22 12:0 a.m. · 3 views

Baidu Netdisk code issue vulnerability

Baidu Netdisk (百度网盘) is a personal cloud storage service software from the Chinese company Baidu. A security vulnerability exists in Baidu Netdisk 7.4.3 and earlier versions, which stems from an untrusted search path vulnerability that allows an attacker to gain privileges via a Trojan horse DLL in...

CVSS 6.7 · AI score 6.7 · EPSS 0.00071
Exploits: 1 · References: 2

CNNVD
added 2022/12/21 12:0 a.m. · 1 view

Squirrel.Windows code issue vulnerability

Squirrel.Windows is a Squirrel open source installation and update framework for Windows desktop applications. A security vulnerability exists in Squirrel.Windows version 2.0.1 and prior versions, which stems from an issue with the installer containing a DLL search path, which could lead to unsaf...

CVSS 7.8 · AI score 7.7 · EPSS 0.00196
Exploits: 0 · References: 4

OSV
added 2022/12/19 4:15 p.m. · 1 view

CVE-2022-42945

DWG TrueView™ 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system...

CVSS 7.8 · AI score 6.3
Exploits: 0 · References: 1

CNNVD
added 2022/12/19 12:0 a.m. · 2 views

HCL Notes buffer error vulnerability

HCL Notes is an email software from HCL India. The software supports access to emails, calendars, contacts, etc. HCL Notes suffers from a buffer error vulnerability that stems from a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView, which can be...

CVSS 9.8 · AI score 8.2 · EPSS 0.01805
Exploits: 0 · References: 3

CNNVD
added 2022/12/08 12:0 a.m. · 2 views

JetBrains IntelliJ IDEA code issue vulnerability

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3, which stems from a DYLIB injection that can be performed on macOS...

CVSS 7.8 · AI score 7.4 · EPSS 0.00003
Exploits: 0 · References: 2

Positive Technologies
added 2022/12/08 12:0 a.m. · 2 views

PT-2022-27985 · JetBrains · JetBrains IntelliJ IDEA

Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2022.3 Description: The issue allows for a DYLIB injection on macOS. This means that an attacker could potentially inject malicious code into the system. No information is provided about the estimated...

CVSS 7.8 · AI score 7.7 · EPSS 0.00003
Exploits: 0 · References: 5

Positive Technologies
added 2022/11/23 12:0 a.m. · 4 views

PT-2022-7153 · Autodesk · Autodesk Installer

Name of the Vulnerable Software and Affected Versions: Autodesk Installer affected versions not specified Description: The issue is related to a maliciously crafted DLL file that can be forced to write beyond allocated boundaries when the Autodesk installer parses the DLL files. This could lead t...

CVSS 7.8 · AI score 7.6 · EPSS 0.00109
Exploits: 0 · References: 7