1215 matches found

CNNVD
added 2024/01/05 12:0 a.m. · 7 views

IrfanView Security Vulnerability

IrfanView is an image viewer by the individual developer Irfan Skiljan in Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A security vulnerability exists in IrfanView PlugIns B3D prior to version 4.56, which stems from a heap-based...

CVSS 9.8 · AI score 7 · EPSS 0.00562
Exploits 0 · References 2
OSV
added 2023/12/25 7:15 a.m. · 5 views

CVE-2023-28872

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...

CVSS 8.8 · AI score 5.8 · EPSS 0.00774
Exploits 1 · References 1
Positive Technologies
added 2023/12/07 12:0 a.m. · 5 views

PT-2023-7667

Name of the Vulnerable Software and Affected Versions: Iconics SCADA Suite affected versions not specified Description: The issue is related to the use of an unreliable path search, which can allow an attacker to execute malicious code via a DLL with a matching name in an accessible search path...

CVSS 7.2 · AI score 7.6
Exploits 0 · References 8
The Hacker News
added 2023/12/05 7:55 a.m. · 54 views

New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace

A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is...

AI score 7.3
Exploits 0
CNNVD
added 2023/12/04 12:0 a.m. · 4 views

EZVIZ Studio Security Vulnerability

EZVIZ Studio is an application from the Chinese company Fluorite EZVIZ. It is used to manage your camera on a personal computer. A security vulnerability exists in EZVIZ Studio version v2.2.0, which originates from a DLL hijacking that can be performed by planting a malicious TcApi.dll in certain...

CVSS 7.8 · AI score 6.7 · EPSS 0.00451
Exploits 2 · References 1
CNNVD
added 2023/11/30 12:0 a.m. · 5 views

4D Windows Server Code Issue Vulnerability

4D Windows Server is a family of applications from 4D USA. A code issue vulnerability exists in 4D Windows Server that originates from a DLL hijacking that can lead to arbitrary code execution by replacing shfolder.dll in the installation path...

CVSS 7.8 · AI score 7.7 · EPSS 0.00261
Exploits 0 · References 1
BDU FSTEC
added 2023/11/29 12:0 a.m. · 4 views

The vulnerability of the Fortinet FortiClient security device for Windows, related to the use of an insecure search path, allows attackers to execute arbitrary code.

The vulnerability of the Fortinet FortiClient security device for Windows relates to the use of an insecure lookup path. Exploiting this vulnerability allows attackers to execute arbitrary code by replacing the legitimate DLL file with a malicious library...

CVSS 7.8 · AI score 7.6 · EPSS 0.00309
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/11/22 7:15 a.m. · 3 views

CVE-2023-29069

A maliciously crafted DLL file can be forced to install onto a non-default location, and an attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability...

CVSS 7.8 · AI score 5.8 · EPSS 0.00258
Exploits 0 · References 1
OSV
added 2023/11/15 8:15 p.m. · 2 views

CVE-2023-22818

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code...

CVSS 7.8 · AI score 6.2 · EPSS 0.00246
Exploits 0 · References 2
CNNVD
added 2023/11/08 12:0 a.m. · 3 views

BleachBit Code Issue Vulnerability

BleachBit is a free open source disk space cleaner, privacy manager and computer system optimizer from BleachBit Open Source. A code issue vulnerability exists in BleachBit 4.4.2 and prior versions that stems from the presence of a dynamic link library (DLL) hijacking vulnerability...

CVSS 7.3 · AI score 7 · EPSS 0.00247
Exploits 0 · References 3
CNNVD
added 2023/10/31 12:0 a.m. · 5 views

Atera Agent Package Availability Security Vulnerability

Atera Agent Package Availability for Windows is an Atera agent package for Windows from Atera. A security vulnerability exists in Atera Agent Package Availability 0.14.0.0 and prior versions, which originates when Agent.Package.Availability.exe has SYSTEM privileges and is susceptible to DLL...

CVSS 7.8 · AI score 6.9 · EPSS 0.00178
Exploits 0 · References 2
CNNVD
added 2023/10/27 12:0 a.m. · 5 views

SonicWall NetExtender Windows client security vulnerability

SonicWALL NetExtender Windows client is a Windows-based SSL VPN (Virtual Private Network) client application from SonicWALL, Inc. A security vulnerability exists in SonicWall NetExtender Windows client version 10.2.336 and earlier, which originates from a DLL hijacking vulnerability in the componen...

CVSS 7.3 · AI score 7.2 · EPSS 0.00294
Exploits 0 · References 2
VulnCheck KEV
added 2023/10/11 12:0 a.m. · 7 views

VulnCheck KEV: CVE-2022-23748

Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.09092
Exploits 0 · References 1
CNNVD
added 2023/10/10 12:0 a.m. · 4 views

Siemens Simcenter Amesim Code Injection Vulnerability

Simcenter Amesim is an integrated and scalable system simulation platform that allows system simulation engineers to virtually evaluate and optimize the performance of electromechanical systems. A remote code execution vulnerability exists in Siemens Simcenter Amesim, which can be exploited by an...

CVSS 9.8 · AI score 8.6 · EPSS 0.01158
Exploits 0 · References 2
OSV
added 2023/10/09 10:15 p.m. · 3 views

CVE-2023-5463

A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to t...

CVSS 7.8 · AI score 5.2 · EPSS 0.00265
Exploits 0 · References 3
Positive Technologies
added 2023/10/06 12:0 a.m. · 3 views

PT-2023-25369 · Ibm · Ibm Storage Protect For Virtual Environments +1

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments versions 8.1.0.0 through 8.1.19.0 Description: The issue allows a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL...

CVSS 8.4 · AI score 7.7 · EPSS 0.00234
Exploits 0 · References 6
Positive Technologies
added 2023/09/30 12:0 a.m. · 4 views

PT-2023-15939 · Caphyon · Caphyon Advanced Installer

Name of the Vulnerable Software and Affected Versions: Caphyon Advanced Installer version 19.7 Description: A critical vulnerability has been found in the WinSxS DLL Handler component of Caphyon Advanced Installer. The manipulation leads to an uncontrolled search path. Attacking locally is a...

CVSS 7.8 · AI score 7.2 · EPSS 0.00387
Exploits 1 · References 9
BDU FSTEC
added 2023/09/19 12:0 a.m. · 5 views

The vulnerability of Kepware KEPServerEX and ThingWorkx Kepware Server software lies in the uncontrolled element of the search path, allowing an attacker to replace the installer with an arbitrary DLL library.

The vulnerability of the OPC-server software from Kepware, KEPServerEX and ThingWorkx Kepware Server, is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow an attacker to replace the installer with a program that uses arbitrary DLL libraries...

CVSS 6.3 · AI score 7.3 · EPSS 0.00171
Exploits 0 · References 4 · Affected Software 2
OSV
added 2023/09/14 10:15 p.m. · 3 views

CVE-2022-47631

Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 3
ATTACKERKB
added 2023/09/14 10:15 p.m. · 4 views

CVE-2022-47631

Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM...

CVSS 7.8 · AI score 7.1 · EPSS 0.00378
Exploits 2 · References 4