Lucene search
K

1215 matches found

Vulnrichment
Vulnrichment
added 2023/09/12 1:12 p.m.10 views

CVE-2023-2071 FactoryTalk View Machine Edition Vulnerable to Remote Code Execution

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions...

9.8CVSS8AI score0.10974EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/30 4:19 p.m.31 views

CVE-2023-40596 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library DLL that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege...

7CVSS9.1AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.4 views

Splunk 代码问题漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

8.8CVSS8AI score0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/21 7:15 p.m.4 views

CVE-2023-40352

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...

7.2CVSS7.2AI score0.00702EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/21 12:0 a.m.2 views

McAfee Safe Connect 代码问题漏洞

McAfee Safe Connect is a virtual private network VPN product from McAfee, Inc. A security vulnerability exists in McAfee Safe Connect versions prior to 2.16.1.126, which originated from a vulnerability that could allow an attacker with system privileges to escalate privileges by loading an...

7.2CVSS7.2AI score0.00702EPSS
Exploits0References3
OSV
OSV
added 2023/08/10 4:15 p.m.4 views

CVE-2022-47636

A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file OutSystems Modeling Language, the application will load the following DLLs from the same directory avlibGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using...

7.8CVSS6.1AI score0.01135EPSS
Exploits4References2
OSV
OSV
added 2023/08/08 8:15 p.m.2 views

CVE-2023-36344

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...

7.8CVSS6.1AI score0.00395EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.6 views

Siemens SICAM TOOLBOX II 安全漏洞

SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II has an Execute wit...

7.8CVSS6.7AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.5 views

PT-2023-5571 · Siemens · Siemens Software Center

Name of the Vulnerable Software and Affected Versions: Siemens Software Center versions prior to V3.0 Description: A DLL Hijacking issue could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. This is relat...

7.8CVSS7.7AI score0.00207EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.4 views

Siemens SICAM TOOLBOX II 安全漏洞

SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II suffers from a...

7.8CVSS6.7AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.6 views

PT-2023-25620 · Pestudio · Pestudio

Name of the Vulnerable Software and Affected Versions: PEStudio version 9.52 Description: An issue in PEStudio allows a remote attacker to execute arbitrary code via a crafted DLL file to the PEStudio executable. Recommendations: For PEStudio version 9.52, consider disabling the execution of...

7.5AI score
Exploits0References3
OSV
OSV
added 2023/06/23 8:15 p.m.5 views

CVE-2023-27908

A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability...

7.8CVSS5.8AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2023/06/16 4:15 a.m.4 views

CVE-2023-35708

In Progress MOVEit Transfer before 2021.0.8 13.0.8, 2021.1.6 13.1.6, 2022.0.6 14.0.6, 2022.1.7 14.1.7, and 2023.0.3 15.0.3, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

9.8CVSS7.2AI score0.96682EPSS
Exploits0References3
OSV
OSV
added 2023/05/31 12:15 a.m.7 views

CVE-2023-28353

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...

8.8CVSS7.4AI score0.01362EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/05/30 12:0 a.m.5 views

The vulnerability of the Microsoft .NET software platform, related to incorrect handling of the path to DLL libraries, allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft .NET software platform is related to incorrect handling of the path to the DLL libraries. Exploiting these vulnerabilities can allow an attacker to execute arbitrary code...

7.8CVSS7.6AI score0.01531EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2023/05/09 3:15 a.m.4 views

CVE-2023-30237

CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe...

7.8CVSS5.7AI score
Exploits0References3
OSV
OSV
added 2023/04/18 4:15 p.m.2 views

CVE-2023-28140

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

7CVSS7AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/14 6:44 a.m.3 views

Trend Micro Security may insecurely load Dynamic Link Libraries

Overview Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue CWE-427. While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application...

8.6CVSS6.7AI score0.00367EPSS
Exploits0References6
OSV
OSV
added 2023/04/11 4:16 a.m.4 views

CVE-2023-29187

A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup Software Installation Program - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the...

6.7CVSS6.4AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.11 views

PT-2023-2927 · Microsoft +4 · .Net Framework +4

Name of the Vulnerable Software and Affected Versions: Microsoft .NET affected versions not specified Description: The issue is related to incorrect handling of the path search for DLL libraries in the Microsoft .NET platform. This can allow an attacker to execute arbitrary code. Recommendations:...

9.8CVSS6.9AI score0.99999EPSS
Exploits19References165
Rows per page
Query Builder