1216 matches found
ServiSign Path Traversal Vulnerability
Changingtec ServiSign is a system from Changingtec, Taiwan, China. The system provides a cross-platform solution for digital signatures and authentication. A security vulnerability exists in ServiSign that stems from insufficient filtering of special characters in the path of a DLL file...
CVE-2021-36631
Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
Overview: Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427)...
PT-2022-27823 · Unknown · Squirrel.Windows
Name of the Vulnerable Software and Affected Versions: Squirrel.Windows versions 2.0.1 and earlier. Description: The issue is related to the DLL search path in installers generated by Squirrel.Windows, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be...
HCL Domino Buffer Error Vulnerability
HCL Domino is an application from HCL, India. It provides a platform for application development. HCL Domino has a buffer error vulnerability that stems from a stack-based buffer overflow in lasr.dll in Micro Focus KeyView, which can be exploited by an...
A vulnerability in the Content Transfer software installer for Windows allows an attacker to escalate privileges.
The vulnerability in the Content Transfer software installer for Windows is related to the use of an untrusted search path. Exploiting this vulnerability can allow an attacker to escalate privileges through a specially crafted DLL...
CVE-2022-41281
A vulnerability has been identified in JT2Go All versions V14.1.0.6, Teamcenter Visualization V13.2 All versions V13.2.0.12, Teamcenter Visualization V13.3 All versions V13.3.0.8, Teamcenter Visualization V14.0 All versions V14.0.0.4, Teamcenter Visualization V14.1 All versions V14.1.0.6. The...
Siemens SICAM PAS/PQS Code Issue Vulnerability
Siemens SICAM PAS/PQS is software from Siemens with an operating system for energy automation and power quality. A security vulnerability exists in Siemens SICAM PAS/PQS versions prior to V7.0 that stems from a failure to properly protect the containing folder. An attacker can exploit the...
Trellix Agent Code Issue Vulnerability
Trellix Agent is a client component of FireEye USA Trellix, Inc. that provides secure communication between McAfee ePolicy Orchestrator (McAfee ePO) and hosted products. A security vulnerability exists in Trellix Agent (TA) for Windows versions prior to 5.7.8. An attacker could exploit the vulnerability t...
PT-2022-25506 · Ibm · Ibm I Access Family
Name of the Vulnerable Software and Affected Versions: IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0. Description: The issue allows a local authenticated attacker to execute arbitrary code on the system due to a DLL search order hijacking vulnerability. An attacker...
IBM i Code Issue Vulnerability
IBM i is a suite of operating systems from International Business Machines (IBM) running on IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0, which stems from a vulnerability that could allow a...
PT-2022-20893 · Unknown · Installbuilder
Name of the Vulnerable Software and Affected Versions: InstallBuilder Qt installers versions prior to 22.10. Description: The issue allows an attacker to potentially execute code with the privileges of the installer by planting a malicious DLL in the installer parent directory. This can happen whe...
CVE-2022-28766
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client...
Zoom Rooms Code Issue Vulnerability
Zoom Rooms is a software-based conferencing system from Zoom, USA, that allows web conferencing on fixed endpoints, similar to traditional video conferencing systems. A security vulnerability exists in Zoom Rooms that stems from susceptibility to DLL side-loading attacks...
A vulnerability in the script engine dynamic-link library (jscript9.dll) in the Windows operating system allows an attacker to execute arbitrary code.
The vulnerability in the script engine dynamic-link library jscript9.dll in Windows operating systems is related to the possibility of code injection. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Foxit Reader Code Issue Vulnerability
Foxit Reader is a PDF document reader from Foxit, China. Foxit Reader is vulnerable to a code issue that could be exploited by attackers to execute malicious DLL files...
PT-2022-27294 · Acronis · Acronis Cyber Protect Home Office
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Home Office (Windows) versions prior to build 40107. Description: The issue is related to a local privilege escalation due to a DLL hijacking vulnerability. Recommendations: For versions prior to build 40107, update to buil...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL, which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
Schneider Electric EcoStruxure Operator Terminal Expert Data Forgery Vulnerability
Schneider Electric EcoStruxure Operator Terminal Expert is touch screen configuration software from Schneider Electric, France. This software is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...
Schneider Electric EcoStruxure Operator Terminal Expert Path Traversal Vulnerability
Schneider Electric EcoStruxure Operator Terminal Expert is touch screen configuration software from Schneider Electric, France. This software is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...