CVE-2016-0016

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL...

OPC Systems.NET Local Privilege Vulnerability

OPC Systems.NET is a complete suite of products from the OPC Foundation of America that provides all . A local elevation of privilege vulnerability exists in OPC Systems.NET 8.00.0023 and earlier versions, which stems from the program failing to properly load a Dynamic Link Library DLL file. An...

Python for Windows may insecurely load dynamic libraries

Overview Python for Windows contains an issue with the DLL search path, which may lead to insecurely loading a DLL called readline.pyd. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library

PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...

PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile disable_functions Bypass Load Dynamic Library

PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile disablefunctions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...

Microsoft Malware Removal Tool DLL Load Local Elevation of Privilege Vulnerability

Microsoft windows is a popular operating system.Microsoft Malicious Software Removal Tool is a malware removal tool on its system. Microsoft Malicious Software Removal Tool tool has a security vulnerability that allows local attackers to elevate privileges by loading a DLL...

BGA32.DLL and QBga32.DLL Buffer Overflow Vulnerability

BGA32.DLL is a library for compressing/decompressing files in GZA and BZA formats.QBga32.DLL is a wrapper for BGA32.DLL. A buffer overflow vulnerability exists in BGA32.DLL and QBga32.DLL, which allows an attacker to exploit the vulnerability to construct a malicious file that can be induced to b...

Elipse SCADA DLL Hijacking Vulnerability

Elipse SCADA is a WEB-based SCADA system deployed in critical manufacturing, energy, hydro and other systems. The program suffers from a DLL hijacking vulnerability when loading a DLL pointing to a DLL named wfapi.dll, which could be exploited by an attacker to build a malicious application that,...

Apple Mac OS X system is found to exist DLL hijacking vulnerability-vulnerability warning-the black bar safety net

DLL hijacking from 2 0 0 0 years has started to plague Windows systems, and now this attack also in most people's eyes“the most secureoperating system” - Apple Mac OS X appears on the. This week, Synack researcher Patrick Wardle, held in Vancouver at CanSecWest meeting made a speech, he explained...

Cimon CmnView DLL Hijacking Vulnerability

CmnView is a WEB-based SCADA application. The CmnView application contains a DLL that fails to specify an absolute path, allowing an attacker to exploit the vulnerability to build a malicious application and place it in a specific path, which could allow the application to maliciously load the DL...

Mozilla Firefox/Firefox ESR/Thunderbird DLL Load Arbitrary Code Execution Vulnerability

Mozilla Firefox/Thunderbird is a web browser/email client released by Mozilla. An arbitrary code execution vulnerability exists in the Mozilla Firefox/Firefox ESR/Thunderbird DLL loading, which can be exploited by an attacker to execute arbitrary code in the context of a user of an affected...

CVE-2014-8396

Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed...

CorelCAD 'TD_Mgd_3.08_9.dll' DLL Loading Arbitrary Code Execution Vulnerability

CorelCAD is a 3D drawing software. An arbitrary code execution vulnerability exists in CorelCAD 'TDMgd3.089.dll' DLL loading due to CorelCAD failing to properly load the 'TDMgd3.089.dll' file. Allows an attacker to construct a malicious DLL file that loads arbitrary code in the context of the...

Corel PDF Fusion 'quserex.dll' DLL Load Arbitrary Code Execution Vulnerability

Corel PDF Fusion is a PDF editing and authoring tool. An arbitrary code execution vulnerability exists in Corel PDF Fusion 'quserex.dll' DLL loading due to the program failing to properly load the 'quserex.dll' file. This allows an attacker to construct a malicious DLL file to load arbitrary code...

CVE-2014-8359

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory...

Autodesk AutoCAD < 2014 Multiple Vulnerabilities

The remote host has a version of Autodesk AutoCAD installed prior to AutoCAD 2014. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling FAS files that could allow execution of arbitrary VBScript code. CVE-2014-0818 - An error exists relat...

CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library...

Design/Logic Flaw

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library...

CVE-2014-1273

CVE-2014-1273 affects Apple iOS before 7.1 and Apple TV before 6.1. The issue in dyld arises from loading text relocation instructions in dynamic libraries, allowing bypass of code-signing requirements. Apple’s 7.1/6.1 updates address this by ignoring text relocation instructions during dynamic l...

GLSA-201312-01 : GNU C Library: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201312-01 GNU C Library: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker could trigger...