274 matches found
The vulnerability of the McAfee Agent antivirus software, related to deficiencies in the mechanism for calling system libraries, allows an attacker to execute a preliminary loading attack of DLLs.
The vulnerability of the McAfee Agent antivirus software is related to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows an attacker to execute a preloading attack involving DLLs...
PT-2021-15549 · Ajaxpro · Ajaxpro
Name of the Vulnerable Software and Affected Versions: ajaxpro.2 versions prior to 21.11.29.1 Description: The issue is related to Deserialization of Untrusted Data, which can be abused to gain remote code execution. This occurs due to the possibility of deserialization of arbitrary .NET classes...
Nextar C472 POS DLL Hijacking
/ Description: A vulnerability exists in windows that allows other applications dynamic link libraries to execute malicious code without the users consent, in the privelage context of the targeted application. Exploit Title: Nextar C472 POS DLL Hijacking Exploit nxmm.dll - mdmdregistration.dll...
Exploit for CVE-2021-1678
PoC exploit for CVE-2021-1678, an arbitrary code execution vulnerability in the Windows Print Spooler service. The exploit is contained within a Docker container, which can be built and run using the provided Dockerfile. The container includes a Python script, spoolsploit.py, that can be used to...
The vulnerability of the 3D design review package Autodesk Navisworks lies in its ability to record outside the field, allowing a hacker to execute code by loading arbitrary DLL files.
The vulnerability of the 3D design review package Autodesk Navisworks relates to the ability to write code outside the specified field. Exploiting this vulnerability could allow an attacker to execute code by loading arbitrary DLL files...
The vulnerability of the ColdFusion software platform, related to incorrect handling of the path to libraries’ DLL files, allows attackers to escalate their privileges.
The vulnerability of the ColdFusion software platform is related to incorrect handling of the path for accessing DLL libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...
JVN#80288258: The installers of multiple Sony products may insecurely load Dynamic Link Libraries
The installers of multiple Sony products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer by following the...
The vulnerability of VMware ThinApp, a virtualization and portable application creation tool, lies in the insecure loading of DLL libraries, which allows attackers to escalate their privileges.
The vulnerability of VMware ThinApp’s virtualization and portable application creation tools relates to the insecure loading of DLL libraries. Exploiting this vulnerability can allow attackers to gain increased privileges...
CVE-2021-31840 DLL preload vulnerability in McAfee Agent for Windows
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid...
The vulnerability of the data exchange module related to the “LOCMAN WorkFlow” subsystem between various databases of the “LOCMAN WorkFlow Import-Export” system for engineering data management and the product lifecycle management system LOCMAN:PLM, allows a perpetrator to execute arbitrary code due to unlimited loading of dangerous files.
The vulnerability of the data exchange module related to the “LOZMAN WorkFlow” subsystem between various databases of the “LOZMAN WorkFlow Import-Export” component of the engineering data management system and the product lifecycle management system LOZMAN:PLM is associated with the unlimited...
The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
Overview The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...
Installer of Overwolf may insecurely load Dynamic Link Libraries
Overview Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Shogo kumamaru of LAC Co....
JVN#65733194: The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...
CVE-2021-1430
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...
Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
The installers of E START products may insecurely load Dynamic Link Libraries
Overview The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268...
JVN#68418039: The installers of E START products may insecurely load Dynamic Link Libraries
The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268. Impact...
The vulnerability of the executable file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, allows a perpetrator to execute arbitrary code.
The vulnerability of the installation file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially uploaded DLL...
The vulnerability of the ColdFusion software platform, related to incorrect handling of the path to libraries’ DLL files, allows attackers to escalate their privileges.
The vulnerability of the ColdFusion software platform is related to incorrect handling of the path for accessing DLL libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...
JVN#69635538: The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries
SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...