Lucene search
+L

274 matches found

bdu_fstec
bdu_fstec
added 2021/12/17 12:0 a.m.9 views

The vulnerability of the McAfee Agent antivirus software, related to deficiencies in the mechanism for calling system libraries, allows an attacker to execute a preliminary loading attack of DLLs.

The vulnerability of the McAfee Agent antivirus software is related to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows an attacker to execute a preloading attack involving DLLs...

7.3CVSS7.2AI score0.00348EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2021/12/03 12:0 a.m.5 views

PT-2021-15549 · Ajaxpro · Ajaxpro

Name of the Vulnerable Software and Affected Versions: ajaxpro.2 versions prior to 21.11.29.1 Description: The issue is related to Deserialization of Untrusted Data, which can be abused to gain remote code execution. This occurs due to the possibility of deserialization of arbitrary .NET classes...

9.8CVSS9.7AI score0.88768EPSS
Exploits2References22
packetstorm
packetstorm
added 2021/11/28 12:0 a.m.506 views

Nextar C472 POS DLL Hijacking

/ Description: A vulnerability exists in windows that allows other applications dynamic link libraries to execute malicious code without the users consent, in the privelage context of the targeted application. Exploit Title: Nextar C472 POS DLL Hijacking Exploit nxmm.dll - mdmdregistration.dll...

0.2AI score
Exploits0
gitee
gitee
added 2021/10/23 5:6 p.m.7 views

Exploit for CVE-2021-1678

PoC exploit for CVE-2021-1678, an arbitrary code execution vulnerability in the Windows Print Spooler service. The exploit is contained within a Docker container, which can be built and run using the provided Dockerfile. The container includes a Python script, spoolsploit.py, that can be used to...

8.8CVSS8.4AI score0.0938EPSS
Exploits1
bdu_fstec
bdu_fstec
added 2021/10/20 12:0 a.m.6 views

The vulnerability of the 3D design review package Autodesk Navisworks lies in its ability to record outside the field, allowing a hacker to execute code by loading arbitrary DLL files.

The vulnerability of the 3D design review package Autodesk Navisworks relates to the ability to write code outside the specified field. Exploiting this vulnerability could allow an attacker to execute code by loading arbitrary DLL files...

7.8CVSS7.5AI score0.00298EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2021/09/01 12:0 a.m.15 views

The vulnerability of the ColdFusion software platform, related to incorrect handling of the path to libraries’ DLL files, allows attackers to escalate their privileges.

The vulnerability of the ColdFusion software platform is related to incorrect handling of the path for accessing DLL libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.2AI score0.00816EPSS
Exploits0References3
jvn
jvn
added 2021/08/24 12:0 a.m.47 views

JVN#80288258: The installers of multiple Sony products may insecurely load Dynamic Link Libraries

The installers of multiple Sony products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer by following the...

7.8CVSS7.8AI score0.00315EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2021/08/02 12:0 a.m.6 views

The vulnerability of VMware ThinApp, a virtualization and portable application creation tool, lies in the insecure loading of DLL libraries, which allows attackers to escalate their privileges.

The vulnerability of VMware ThinApp’s virtualization and portable application creation tools relates to the insecure loading of DLL libraries. Exploiting this vulnerability can allow attackers to gain increased privileges...

7.8CVSS7.2AI score0.00563EPSS
Exploits2References6Affected Software1
cvelist
cvelist
added 2021/06/10 4:20 p.m.30 views

CVE-2021-31840 DLL preload vulnerability in McAfee Agent for Windows

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid...

7.3CVSS7.5AI score0.00348EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2021/06/09 12:0 a.m.9 views

The vulnerability of the data exchange module related to the “LOCMAN WorkFlow” subsystem between various databases of the “LOCMAN WorkFlow Import-Export” system for engineering data management and the product lifecycle management system LOCMAN:PLM, allows a perpetrator to execute arbitrary code due to unlimited loading of dangerous files.

The vulnerability of the data exchange module related to the “LOZMAN WorkFlow” subsystem between various databases of the “LOZMAN WorkFlow Import-Export” component of the engineering data management system and the product lifecycle management system LOZMAN:PLM is associated with the unlimited...

6.8CVSS6AI score
Exploits0Affected Software1
jvn
jvn
added 2021/05/21 7:34 a.m.1 views

The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries

Overview The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

7.8CVSS7.1AI score0.0044EPSS
Exploits0References7
jvn
jvn
added 2021/05/21 7:7 a.m.5 views

Installer of Overwolf may insecurely load Dynamic Link Libraries

Overview Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Shogo kumamaru of LAC Co....

7.8CVSS6.8AI score0.00292EPSS
Exploits0References6
jvn
jvn
added 2021/05/21 12:0 a.m.59 views

JVN#65733194: The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries

The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.8AI score0.0044EPSS
Exploits0
osv
osv
added 2021/05/06 1:15 p.m.4 views

CVE-2021-1430

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...

7.8CVSS6.2AI score0.00234EPSS
Exploits0References1
jvn
jvn
added 2021/04/20 3:25 a.m.6 views

Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...

7.8CVSS6.8AI score0.00469EPSS
Exploits0References6
jvn
jvn
added 2021/03/05 8:3 a.m.12 views

The installers of E START products may insecurely load Dynamic Link Libraries

Overview The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268...

9.3CVSS7.1AI score0.01525EPSS
Exploits2References11
jvn
jvn
added 2021/03/05 12:0 a.m.95 views

JVN#68418039: The installers of E START products may insecurely load Dynamic Link Libraries

The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268. Impact...

9.3CVSS6.4AI score0.01525EPSS
Exploits2
bdu_fstec
bdu_fstec
added 2021/03/02 12:0 a.m.12 views

The vulnerability of the executable file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, allows a perpetrator to execute arbitrary code.

The vulnerability of the installation file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially uploaded DLL...

7.8CVSS7.1AI score0.00604EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2021/02/02 12:0 a.m.5 views

The vulnerability of the ColdFusion software platform, related to incorrect handling of the path to libraries’ DLL files, allows attackers to escalate their privileges.

The vulnerability of the ColdFusion software platform is related to incorrect handling of the path for accessing DLL libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.2AI score0.01045EPSS
Exploits0References3
jvn
jvn
added 2021/01/12 12:0 a.m.71 views

JVN#69635538: The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...

7.8CVSS7.8AI score0.00321EPSS
Exploits0
Rows per page
Query Builder