Sharp RW-5100 for Windows untrustworthy search path vulnerability (CNVD-2017-11056)

Sharp RW-5100 for Windows is a Windows-based tool for IC card readers from Sharp Japan that verifies the execution environment. An untrusted search path vulnerability exists in Sharp RW-5100 for Windows 7 version 1.1.0.0 and RW-5100 for Windows 8.1 version 1.2.0.0. An attacker can exploit this...

Sharp RW-4040 for Windows Untrusted Search Path Vulnerability

Sharp RW-4040 for Windows is a tool for Windows-based IC card readers from Sharp Japan that can be used to verify the execution environment. An untrustworthy search path vulnerability exists in Sharp RW-4040 for Windows version 7 1.2.0.0. An attacker can exploit this vulnerability to gain...

Huawei HedEx Lite DLL Hijacking Vulnerability

Huawei HedEx Lite is a document management software from Huawei China. A DLL hijacking vulnerability exists in Huawei HedEx Lite versions prior to V200R006C00, which originates from accessing a relative path to call a DLL file during HedEx operation. A remote attacker could exploit this...

CVE-2017-7494 Samba remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

5 on 24 May, the Samba official news release, the Samba server software remote code execution vulnerability. An attacker can use the client to specify the library files to upload to have write permissions to the shared directory, will cause the server to load and execute the specified library fil...

Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries

Overview Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

Rapid7 AppSpider Pro DLL Preloading Vulnerability (CNVD-2017-10390)

AppSpider is a DAST solution designed to help application security personnel test applications as part of DevOps and as part of a scheduled scanning program. A DLL preloading vulnerability exists in the Rapid7 AppSpider Pro installer, which can be exploited by an attacker to load a malicious DLL...

CVE-2017-2107

Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory...

Sogou High Speed Browser suffers from dll hijacking vulnerability

Sogou High Speed Browser is a dual-core browser developed by Sogou. A dll hijacking vulnerability exists in Sogou High Speed Browser. The vulnerability is caused due to unsafe loading of library files by the SogouExplorer.exe component of Sogou High Speed Browser. By constructing a malicious...

ABBYY PDF Transformer+ dll Hijacking Vulnerability

ABBYY PDF Transformer+ is a pdf format converter from ABBYY. ABBYY PDF Transformer+'s Transformer.exe component has a dll hijacking vulnerability, due to insecure loading of library files, an attacker can construct a malicious application and place it in a specific path, which allows the...

CVE-2017-3012

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading DLL hijacking vulnerability in the OCR plugin...

CVE-2017-6033

A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System IGSS Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path...

SCADA engine BACnetOPCServer suffers from dll hijacking vulnerability

SCADA system is a data acquisition and monitoring control system. bacnetOPCServer is the server software for the SCADA engine. The BACnetOPCServer software's BACnSvrTest.exe component is vulnerable to DLL hijacking due to insecure loading of library files, which can be used to maliciously load a...

CVE-2016-8274

Huawei PC client software HiSuite 4.0.5.300OVE has a dynamic link library DLL hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code...

Introducing Monitor.app for macOS

As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools enable us to understand malware capabilities and undocumented components of the operating system. One obvious tool that comes to mind is Procmon from the...

CVE-2016-7583

An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory...

CVE-2016-7583

An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory...

CVE-2016-7583

An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory...

Directory traversal

An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory...

CVE-2016-7583

An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory...

Skype for Windows Untrustworthy Search Path Vulnerability

Microsoft Skype is a suite of instant messaging software from the American company Microsoft. An untrusted search path vulnerability exists in Microsoft Skype. A local attacker can exploit this vulnerability by executing arbitrary code with the help of the msi.dll, dpapi.dll, or cryptui.dll files...