1217 matches found
The vulnerability of the “LOCMAN Configurator” module of the engineering data and product lifecycle management system LOCMAN:PLM, which is related to the unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.
The vulnerability of the “LOZMAN Configurator” module of the engineering data and product lifecycle management system LOZMAN involves unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing DLL libraries such as...
A vulnerability in the data synchronization module of the engineering data and product lifecycle management system LOCMAN (synchronization can be triggered at any time by user requests or by the special scheduler utility “LOCMAN Master Synchronization”) is related to the unlimited loading of dangerous type files and allows attackers to execute arbitrary code.
The vulnerability of the data synchronization module at any time, triggered by user requests or by special planning tools like “LOZMAN Master Synchronization” of the Engineering Data and Product Lifecycle management system LOZMAN, is related to the unlimited loading of dangerous files. Exploiting...
F5 BIG-IP Edge Gateway Code Issue Vulnerability
F5 BIG-IP Edge Gateway is a remote access solution from F5 USA. An elevation of privilege vulnerability exists in F5 BIG-IP Edge Gateway, which stems from a faulty program call to an advanced native procedure, where a non-privileged user uses a malicious DLL to elevate privileges on a client Windows...
ATT&CK Table for Sophisticated Spearphishing Campaign CSA
Summary: See Technical Details section. Technical Details: Table 1 provides a summary of the MITRE ATT&CK techniques observed.

Table 1: MITRE ATT&CK techniques observed

Technique Title | Technique ID
---|---
Process Injection: Dynamic-link Library Injection | T1055.001
Ingress Tool Transfer | T1105
...
Fujitsu ScanSnap Manager Code Issue Vulnerability
Fujitsu ScanSnap Manager is a scanner driver required to manage ScanSnap scanned documents from Fujitsu Japan. A code issue vulnerability exists in ScanSnap Manager versions prior to 7.0L20, which arises from the application loading DLL libraries in an insecure manner. A local attacker could...
Overwolf Code Issue Vulnerability
Overwolf is a framework from the Israeli company Overwolf that supports building games using HTML and JavaScript. Overwolf Installer 2.168.0 suffers from a code issue vulnerability that stems from the application loading DLL libraries in an insecure manner. A remote attacker could exploit the...
The vulnerability in the update process of the Cisco AnyConnect Secure Mobility Client cryptographic security tool for Windows allows a perpetrator to execute arbitrary code with SYSTEM privileges.
The vulnerability in the update process of the Cisco AnyConnect Secure Mobility Client cryptographic security tool for Windows relates to the creation of DLL files with insecure permissions. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code with SYSTEM privileges...
Cisco AnyConnect Secure Mobility Client for Windows Code Issue Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. A security vulnerability exists in Cisco AnyConnect Secure Mobility Client for Windows that could allow an...
Cisco AnyConnect Secure Mobility Client for Windows Code Issue Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. A security vulnerability exists in Cisco AnyConnect Secure Mobility Client for Windows that could allow an...
PT-2021-11124 · Siemens · Logo! Soft Comfort
Name of the Vulnerable Software and Affected Versions: LOGO! Soft Comfort versions prior to V8.4 Description: A security issue has been identified in the software, where it insecurely loads libraries, making it susceptible to DLL hijacking. This could allow a local attacker to successfully exploi...
Cisco Advanced Malware Protection for Endpoints Windows Connector ClamAV for Windows and Immunet DLL Hijacking Vulnerability
...
Autodesk FBX Review Buffer Error Vulnerability
Autodesk FBX Review is a lightweight standalone tool for viewing 3D assets and animations. An out-of-bounds read/write vulnerability exists in Autodesk FBX Review version 1.4.1.0. An attacker could exploit this vulnerability via specially crafted DLL files to achieve remote code execution or obta...
CVE-2021-28647
Trend Micro Password Manager version 5 Consumer is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program...
CVE-2020-6789
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same...
Mcafee McAfee Data Loss Prevention Link Following Vulnerability
Mcafee McAfee Data Loss Prevention DLP is a data loss prevention suite from McAfee, Inc. that includes components such as McAfee DLP Monitor, McAfee DLP Endpoint, and provides event management and reporting, synchronization of local and cloud DLP policies, and more. A security vulnerability exist...
PT-2021-2460 · Mcafee · Mcafee Data Loss Prevention
Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention DLP for Windows versions prior to 11.6.100 Description: The issue is related to a privilege escalation vulnerability that allows a local, low-privileged attacker to load DLLs of their choice by using junctions and...
Utimaco SecurityServer Security Vulnerability
Utimaco SecurityServer is an application chip from Utimaco, Germany. It provides a general-purpose hardware security module that secures encryption key material for servers and applications. A security vulnerability exists in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0, which can be exploited by...
Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries
Overview Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Yuji Tounai of Mitsui Bussan Secure Directions, Inc...
NTT TechnoCross MagicConnect Code Issue Vulnerability
NTT TechnoCross MagicConnect is an application software from NTT TechnoCross Japan. It provides a service to operate an office PC by invoking the screen image of a remote device. MagicConnect suffers from a code issue vulnerability that allows an attacker to gain privileges and execute arbitrary...
PT-2021-11572 · Owncloud · Owncloud
Name of the Vulnerable Software and Affected Versions: ownCloud versions prior to 2.7 Description: The issue allows DLL Injection due to the desktop client loading development plugins from certain directories when they are present. Recommendations: For versions prior to 2.7, update to version 2.7...