1217 matches found
Vulnerability fixed in Atlassian Bitbucket
By placing a specially crafted DLL file in the Bitbucket installation directory, an unauthorized user can execute arbitrary code with SYSTEM privileges on a Windows system on which the vulnerable Bitbucket software is installed. Atlassian has released updates to fix the vulnerability. fix. For mo...
Microsoft Edge Code Issue Vulnerability
Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A code issue vulnerability exists in Edge, which contains an untrusted search path vulnerability that allows an attacker to load a malicious DLL library from its current directory...
DIGSI 4 权限许可和访问控制问题漏洞
SIEMENS DIGSI 4 is a driver from SIEMENS USA. Provides device driver functionality. A privilege license and access control issue vulnerability exists in SIEMENS DIGSI 4. The vulnerability stems from the fact that several folders in \%PATH\% can be written to by a normal user, and can be exploited...
The vulnerability of the DLL library loading mechanism used by Cisco Immunet and Cisco Advanced Malware Protection allows a malicious actor to execute arbitrary code with elevated privileges.
The vulnerability of the DLL library loading mechanism used by Cisco Immunet and Cisco Advanced Malware Protection is related to an uncontrolled element in the search process. Exploiting this vulnerability allows a attacker to execute arbitrary code with elevated privileges...
Trend Micro HouseCall for Home Networks (Windows Edition) may insecurely load Dynamic Link Libraries
Overview HouseCall for Home Networks Windows Edition provided by Trend Micro Incorporated contains an issue with the DLL search path. By reading a malicious DLL placed in the folder specified by the PATH environment variable, arbitrary code with an escalated privilege may be executed CWE-427. Tre...
CVE-2021-25247
A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability...
Trend Micro HouseCall Home Networks Code Issue Vulnerability
Trend Micro HouseCall for Home Networks is a suite of home network security scanning software from Trend Micro. The software supports scanning a wide range of home network devices and identifying network risks. A security vulnerability exists in Trend Micro HouseCall for Home Networks version...
CVE-2021-1237
A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...
CVE-2021-20616
Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Sound Research DCHU Code Issue Vulnerability
Sound Research DCHU is a software module for audio post-processing drivers from Sound Research. A code issue vulnerability exists in Sound Research DCHU version 2.0.9.17, which allows an attacker to escalate privileges by uploading a fake DLL...
The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries
Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. shogo kumamaru of LAC Co.,Ltd reported this...
SKYSEA Client View Code Issue Vulnerability
SKYSEA Client View is an enterprise IT asset management tool from Sky SKY Japan. A code issue vulnerability exists in SKYSEA Client View versions 1.020.05b through 16.001.01g, which stems from a problem in the search path when the program loads a DLL and loads a specific DLL located in the same...
Baidu.com PC version suffers from dll hijacking vulnerability
Baidu.com is a cloud service product. A dll hijacking vulnerability exists in the PC version of Baidu.com Disk. An attacker can exploit the vulnerability to load a malicious dll and execute malicious code...
There is a dll hijacking vulnerability in Youdao Dictionary pc side
Youdao Dictionary is the world's first all-around free language translation software based on search engine technology produced by NetEase Youdao. A dll hijacking vulnerability exists in Youdao Dictionary pc, which can be exploited by attackers to gain control of the server...
Aurora PDF Reader has a dll hijacking vulnerability (NVD-C-2020-294256)
Aurora PDF Reader is a PDF file viewing software. Aurora PDF Reader has a dll hijacking vulnerability that can be exploited by attackers to load malicious dlls and execute malicious code...
Baidu.com PC client suffers from dll hijacking vulnerability (CNVD-2020-73296)
Baidu.com formerly Baidu Cloud is a cloud storage service launched by Baidu, which has covered the mainstream PC and cell phone operating systems, including Web version, Windows version, Mac version, Android version, iPhone version and Windows Phone version. A dll hijacking vulnerability exists i...
Cool Music (Windows client) suffers from a dll hijacking vulnerability (CNVD-2020-72476)
Cool Music is a music player that serves songs to its users. A dll hijacking vulnerability exists in CoolMusic Windows client. An attacker can exploit this vulnerability to load a malicious dll and execute malicious code...
Lovecraft Universal Link (Windows client) suffers from dll hijacking vulnerability
Aqiyi Universal Link formerly Aqiyi Universal Player is a universal video and audio player produced by Aqiyi in pursuit of the ultimate experience. There is a dll hijacking vulnerability in Aqiyi Universal Media Player Windows client. An attacker can exploit this vulnerability to load a malicious...
NetEase Mail Master (Windows Client) suffers from dll hijacking vulnerability
Netease Mailbox Master is an all-platform mailbox client launched by Netease Netease, which supports the use of various brands of mailboxes such as Netease and Outlook, and supports all-platform device login. A dll hijacking vulnerability exists in Netease Mail Master Windows client. An attacker...
360 Compressor (Windows client) suffers from a dll hijacking vulnerability
360 Compressor is a compression software. A dll hijacking vulnerability exists in 360 Compressor Windows client. An attacker can exploit this vulnerability to execute malicious code...