1215 matches found
CVE-2023-2071 FactoryTalk View Machine Edition Vulnerable to Remote Code Execution
Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions...
CVE-2023-40596 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege...
Splunk Code Issue Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data and the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines, and cloud). A...
CVE-2023-40352
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...
McAfee Safe Connect Code Issue Vulnerability
McAfee Safe Connect is a virtual private network (VPN) product from McAfee, Inc. A security vulnerability exists in McAfee Safe Connect versions prior to 2.16.1.126, which originated from a vulnerability that could allow an attacker with system privileges to escalate privileges by loading an...
CVE-2022-47636
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory: avlibGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using...
CVE-2023-36344
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...
Siemens SICAM TOOLBOX II Security Vulnerability
SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II has an Execute wit...
PT-2023-5571 · Siemens · Siemens Software Center
Name of the Vulnerable Software and Affected Versions: Siemens Software Center versions prior to V3.0 Description: A DLL Hijacking issue could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. This is relat...
Siemens SICAM TOOLBOX II Security Vulnerability
SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II suffers from a...
PT-2023-25620 · Pestudio · Pestudio
Name of the Vulnerable Software and Affected Versions: PEStudio version 9.52 Description: An issue in PEStudio allows a remote attacker to execute arbitrary code via a crafted DLL file to the PEStudio executable. Recommendations: For PEStudio version 9.52, consider disabling the execution of...
CVE-2023-27908
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability...
CVE-2023-35708
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
CVE-2023-28353
An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...
The vulnerability of the Microsoft .NET software platform, related to incorrect handling of the path to DLL libraries, allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft .NET software platform is related to incorrect handling of the path to the DLL libraries. Exploiting these vulnerabilities can allow an attacker to execute arbitrary code...
CVE-2023-30237
CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe...
CVE-2023-28140
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with...
Trend Micro Security may insecurely load Dynamic Link Libraries
Overview: Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427). While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application...
CVE-2023-29187
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup Software Installation Program - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the...
PT-2023-2927 · Microsoft +4 · .Net Framework +4
Name of the Vulnerable Software and Affected Versions: Microsoft .NET (affected versions not specified) Description: The issue is related to incorrect handling of the path search for DLL libraries in the Microsoft .NET platform. This can allow an attacker to execute arbitrary code. Recommendations:...