118 matches found
ghostscript: OPVP device arbitrary code execution via custom Driver library
A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...
PT-2024-5609 · Dell · Dell Peripheral Manager
Name of the Vulnerable Software and Affected Versions: Dell Peripheral Manager versions prior to 1.7.6 Description: The issue is related to an uncontrolled search path element in the Dell Peripheral Manager software. This could allow an attacker to potentially exploit the vulnerability through...
UBUNTU-CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
The vulnerability of Microsoft Exchange Server’s mail server, related to an uncontrolled search path element, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Exchange Server is related to an uncontrolled element in the loading process for DLL libraries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Exploit for CVE-2023-38820
DLL-Planting-Slack-4.33.73-CVE-2023-38820 DLL Planting in the...
The vulnerability of the application development environment for ISaGRAF programmable logic controllers arises from the use of an unreliable search path during the loading of dynamic libraries. This allows a hacker to execute arbitrary code.
The vulnerability in the application development environment for ISaGRAF Runtime Rockwell Automation relates to the use of an unreliable search path during the loading of dynamic libraries. Exploiting this vulnerability allows a local attacker to execute arbitrary code...
Qualys Cloud Agent 代码问题漏洞
Qualys Cloud Agent is a lightweight application from Qualys USA, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent versions prior to 4.5.3.1, which stems from a malicious copy of the Dependency Link Library DLL that allows an...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE by allowing an attacker to load a runtime DLL from an unexpected location. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.16, 7.0.5 or higher. References - Advisory - GitHub Commit -...
PT-2023-1883 · Mcafee · Mcafee Total Protection
Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.49 Description: The issue is related to an uncontrolled search path element in McAfee Total Protection, which can be exploited to elevate user privileges due to DLL sideloading. This could enable...
SUSE CVE-2009-3954
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...
Squirrel.Windows 代码问题漏洞
Squirrel.Windows is a Squirrel open source installation and update framework for Windows desktop applications. A security vulnerability exists in Squirrel.Windows version 2.0.1 and prior versions, which stems from an issue with the installer containing a DLL search path, which could lead to unsaf...
PT-2022-27985 · Jetbrains · Jetbrains Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2022.3 Description: The issue allows for a DYLIB injection on macOS. This means that an attacker could potentially inject malicious code into the system. No information is provided about the estimated...
PT-2022-7153 · Autodesk · Autodesk Installer
Name of the Vulnerable Software and Affected Versions: Autodesk Installer affected versions not specified Description: The issue is related to a maliciously crafted DLL file that can be forced to write beyond allocated boundaries when the Autodesk installer parses the DLL files. This could lead t...
Qt 代码问题漏洞
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
Softing Secure Integration Server 路径遍历漏洞
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A path traversal vulnerability exists in Softing Secure...
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...
HiBARA Software AttacheCase 代码问题漏洞
HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 4.0.2.7, which arises from loading DLL libraries in an insecure manner. A remote attacker can...
HiBARA Software AttacheCase 代码问题漏洞
HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 3.6.1.0, which arises from an application loading DLL libraries in an insecure manner. A remo...
The vulnerability of the installer component of the WPS Office office software package allows a perpetrator to escalate their privileges and execute arbitrary code.
The vulnerability of the installer component of the WPS Office office software package is related to the loading of a dynamic library that does not exist. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...
CVE-2020-25182
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...