Lucene search
K

1217 matches found

BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.7 views

The vulnerability of the “LOCMAN Configurator” module of the engineering data and product lifecycle management system LOCMAN:PLM, which is related to the unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.

The vulnerability of the “LOZMAN Configurator” module of the engineering data and product lifecycle management system LOZMAN involves unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing the dll libraries such as...

6.8CVSS6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.12 views

The vulnerability of the data synchronization module at any time, triggered by user requests or by a special scheduler utility “LOCMAN Master Synchronization” of the engineering data and product lifecycle management system LOCMAN. This vulnerability is related to the unlimited loading of dangerous type files, allowing attackers to execute arbitrary code.

The vulnerability of the data synchronization module at any time, triggered by user requests or by special planning tools like “LOZMAN Master Synchronization” of the Engineering Data and Product Lifecycle management system LOZMAN, is related to the unlimited loading of dangerous files. Exploiting...

6.8CVSS6AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.4 views

F5 BIG-IP Edge Gateway代码问题漏洞

F5 BIG-IP Edge Gateway is a remote access solution from F5 USA. An elevation of privilege vulnerability exists in F5 BIG-IP Edge Gateway, which stems from a faulty program call to an advanced native procedure, where a non-privileged user uses a malicious DLL to elevate power on a client Windows...

7.8CVSS5.7AI score0.003EPSS
Exploits0References3
ICS
ICS
added 2021/05/28 12:0 p.m.22 views

ATT&CK Table for Sophisticated Spearphishing Campaign CSA

Summary See Technical Details section Technical Details Table 1 provides a summary of the MITRE ATT&CK techniques observed. Table 1: MITRE ATT&CK techniques observed Technique Title | Technique ID ---|--- Process Injection: Dynamic-link Library Injection | T1055.001 Ingress Tool Transfer | T1105...

2.5AI score
Exploits0References21
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.2 views

Fujitsu ScanSnap Manager 代码问题漏洞

Fujitsu ScanSnap Manager is a scanner driver required to manage ScanSnap scanned documents from Fujitsu Japan. ScanSnap Manager: A code issue vulnerability exists in versions prior to 7.0L20, which arises from the application loading DLL libraries in an insecure manner. A local attacker could...

7.8CVSS7.9AI score0.0044EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.3 views

Overwolf 代码问题漏洞

Overwolf is a framework from the Israeli company Overwolf that supports building games using HTML and JavaScript. Overwolf Installer 2.168.0 suffers from a code issue vulnerability that stems from the application loading DLL libraries in an insecure manner. A remote attacker could exploit the...

7.8CVSS7.9AI score0.00292EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.6 views

The vulnerability in the update process of the Cisco AnyConnect Secure Mobility Client cryptographic security tool for Windows allows a perpetrator to execute arbitrary code with SYSTEM privileges.

The vulnerability in the update process of the Cisco AnyConnect Secure Mobility Client cryptographic security tool for Windows relates to the creation of DLL files with insecure permissions. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code with SYSTEM privileges...

7CVSS7.6AI score0.00249EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.7 views

Cisco AnyConnect Secure Mobility Client for Windows 代码问题漏洞

Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. A security vulnerability exists in Cisco AnyConnect Secure Mobility Client for Windows that could allow an...

7.8CVSS7.3AI score0.00234EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.4 views

Cisco AnyConnect Secure Mobility Client for Windows 代码问题漏洞

Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. A security vulnerability exists in Cisco AnyConnect Secure Mobility Client for Windows that could allow an...

7.8CVSS7.3AI score0.00249EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/04/22 12:0 a.m.5 views

PT-2021-11124 · Siemens · Logo! Soft Comfort

Name of the Vulnerable Software and Affected Versions: LOGO! Soft Comfort versions prior to V8.4 Description: A security issue has been identified in the software, where it insecurely loads libraries, making it susceptible to DLL hijacking. This could allow a local attacker to successfully exploi...

8.4CVSS8.1AI score0.00248EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2021/04/20 7:0 a.m.6 views

Cisco Advanced Malware Protection for Endpoints Windows Connector ClamAV for Windows and Immunet DLL Hijacking Vulnerability

...

7.8CVSS7AI score0.0028EPSS
Exploits0
CNNVD
CNNVD
added 2021/04/19 12:0 a.m.11 views

Autodesk FBX Review 缓冲区错误漏洞

Autodesk FBX Review is a lightweight standalone tool for viewing 3D assets and animations. An out-of-bounds read/write vulnerability exists in Autodesk FBX Review version 1.4.1.0. An attacker could exploit this vulnerability via specially crafted DLL files to achieve remote code execution or obta...

7.8CVSS6.5AI score0.01778EPSS
Exploits0References9
OSV
OSV
added 2021/04/13 1:15 p.m.2 views

CVE-2021-28647

Trend Micro Password Manager version 5 Consumer is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program...

7.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2021/03/25 4:15 p.m.3 views

CVE-2020-6789

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same...

7.8CVSS7.4AI score0.00347EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/23 12:0 a.m.3 views

Mcafee McAfee Data Loss Prevention 后置链接漏洞

Mcafee McAfee Data Loss Prevention DLP is a data loss prevention suite from McAfee, Inc. that includes components such as McAfee DLP Monitor, McAfee DLP Endpoint, and provides event management and reporting, synchronization of local and cloud DLP policies, and more. A security vulnerability exist...

7.8CVSS7.4AI score0.00353EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/03/23 12:0 a.m.4 views

PT-2021-2460 · Mcafee · Mcafee Data Loss Prevention

Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention DLP for Windows versions prior to 11.6.100 Description: The issue is related to a privilege escalation vulnerability that allows a local, low-privileged attacker to load DLLs of their choice by using junctions and...

7.8CVSS7.7AI score0.00353EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.3 views

Utimaco SecurityServer 安全漏洞

Utimaco SecurityServer is an application chip from Utimaco, Germany. It provides a general-purpose hardware security module that secures encryption key material for servers and applications. A security vulnerability exists in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0, which can be exploited by...

7.8CVSS7.4AI score0.00363EPSS
Exploits1References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/11 5:53 a.m.10 views

Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries

Overview Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Yuji Tounai of Mitsui Bussan Secure Directions, Inc...

7.8CVSS7AI score0.00915EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/03/11 12:0 a.m.6 views

NTT TechnoCross MagicConnect 代码问题漏洞

NTT TechnoCross MagicConnect is an application software from NTT TechnoCross Japan. It provides a service to operate an office PC by invoking the screen image of a remote device. MagicConnect suffers from a code issue vulnerability that allows an attacker to gain privileges and execute arbitrary...

7.8CVSS7.8AI score0.00915EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/02/26 12:0 a.m.3 views

PT-2021-11572 · Owncloud · Owncloud

Name of the Vulnerable Software and Affected Versions: ownCloud versions prior to 2.7 Description: The issue allows DLL Injection due to the desktop client loading development plugins from certain directories when they are present. Recommendations: For versions prior to 2.7, update to version 2.7...

7.8CVSS7.7AI score0.00773EPSS
Exploits0References5
Rows per page
Query Builder