925 matches found
Windows Migration Assistant < 2.2.0.0 Arbitrary Code Execution (HT211186)
According to its self-reported version number, the version of Windows Migration Assistant installed on the remote host is prior to 2.2.0.0. It is, therefore, affected by an arbitrary code execution vulnerability due to a dynamic library loading issue. An unauthenticated, local attacker can exploi...
CVE-2020-10140
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths...
IBM Aspera Connect Code Execution Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from IBM in the United States. A code execution vulnerability exists in IBM Aspera Connect version 3.9.9, which stems from a failure to properly load a dynamic link library and can be exploited by an...
CVE-2020-4545
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitra...
UBUNTU-CVE-2020-24972
The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL...
CVE-2020-7360
An Uncontrolled Search Path Element CWE-427 vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was...
DLL Hijacking Vulnerability in WPS Office Campus Edition (CNVD-2020-51405)
WPS Office Campus is a lifetime free office software for teachers and students. WPS Office Campus Edition suffers from a DLL hijacking vulnerability, which can be exploited by attackers to load a malicious DLL...
Seafile seafile-client code issue vulnerability
Seafile is an open source enterprise cloud disk from Haven Hootsuite Networks Technology. The product features Markdown WYSIWYG editing, Wiki, file tagging, etc. seafile-client is a Seafile client application. A security vulnerability exists in Seafile seafile-client version 7.0.8, which originat...
Mozilla Firefox Code Problem Vulnerability (CNVD-2020-46337)
Mozilla Firefox and others are products of the Mozilla Foundation in the U.S.A. Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application...
CVE-2020-15723
In 360 Total Security version 12.1.0.1004 and below, a local privilege escalation vulnerability exists when the main process of 360 Total Security calls GameChrome.exe. An attacker who could exploit DLL hijacking to bypass the HIPS could execute arbitrary code on the local system...
CVE-2020-9100
HiSuite versions earlier than 10.1.0.500 have a DLL hijacking vulnerability. The vulnerability exists because a DLL file is loaded improperly by HiSuite, and it allows an attacker to load a DLL file of the attacker's choosing...
CVE-2020-5755
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash, or wait for a Webroot service restart, to rewrite and hijack DLLs in this directory for privilege escalation...
PowerSploit
This is an offensive tool for Windows. It is a PowerShell module called PowerSploit, which contains various functions for code execution, DLL injection, and antivirus bypass. The module includes several sub-modules, such as CodeExecution and AntivirusBypass, each with its own set of functions. Th...
DLL Hijacking Vulnerability in SamSoarII of Shenzhen Xianzhong Technology Co.
Shenzhen XianControl Technology is a high-tech enterprise specializing in the research and development, production, sales and service of Industry 4.0 core products. The company's SamSoarII has a DLL hijacking vulnerability, which can be exploited by an attacker to load a malicious DLL and execute maliciou...
Mids Reborn Hero Designer Code Issue Vulnerability
Mids Reborn Hero Designer is a suite of game character design software from Jason Thompson Software Developers. A code issue vulnerability exists in Mids Reborn Hero Designer version 2.6.0.7, which stems from the program failing to assign safe default permissions to the installation path, and can...
CVE-2020-9858
A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 v. 1A11. Running the installer in an untrusted directory may result in arbitrary code execution...
CVE-2020-9858
CVE-2020-9858 relates to Apple Windows Migration Assistant. It describes a dynamic library loading issue in the Windows Installer component; running the installer from an untrusted directory could allow arbitrary code execution. The vulnerability is addressed in Windows Migration Assistant versio...
DLL Hijacking Vulnerability in WPS Office for Windows
WPS Office for Windows is software from Zhuhai Kingsoft Office Software Co., Ltd, which provides text, table, presentation and many other functions commonly used in office software. WPS Office for Windows suffers from a DLL hijacking vulnerability, which can be exploited by attackers to...