800 matches found
Directory traversal
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory...
CVE-2018-6461
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory...
CVE-2018-6461
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory...
CVE-2018-6461
The CVE-2018-6461 issue involves March Hare WINCVS (pre-2.8.01 build 6610) and CVS Suite (pre-2009R2 build 6610). The root cause is Insecure Library Loading via a Trojan DLL (Python or TCL) placed in the current working directory, targeting wincvs2.exe or wincvs.exe. This enables a local attacker...
CVE-2018-6461
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory...
OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...
CVE-2017-16690
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll located in your Syswow64 / System32 folder from the folder the executable is in a...
The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries
Overview Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and Shun Suza...
CVE-2017-12314
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to...
Code injection
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to...
dll hijacking vulnerability in Yisetron Data Security Guard
Yisetong Data Security Guard is a security product that specializes in preventing your private data assets from being illegally stolen or used by others in the process of sharing and storing. A dll hijacking vulnerability exists in Yisetone Data Safeguard. The vulnerability is due to an unsafe...
CVE-2017-13676
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a...
Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries
Overview The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of...
CVE-2017-6768
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller APIC devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system...
CVE-2017-4921
VMware vCenter Server 6.5 prior to 6.5 U1 contains an insecure library loading issue that occurs due to the use of LDLIBRARYPATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation...
Privilege escalation
VMware vCenter Server 6.5 prior to 6.5 U1 contains an insecure library loading issue that occurs due to the use of LDLIBRARYPATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation...
CVE-2017-4921
VMware vCenter Server 6.5 prior to 6.5 U1 contains an insecure library loading issue that occurs due to the use of LDLIBRARYPATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation...
CVE-2017-4921
VMware vCenter Server 6.5 prior to 6.5 U1 contains an insecure library loading issue that occurs due to the use of LDLIBRARYPATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation...
CVE-2017-4921
The CVE-2017-4921 issue affects VMware vCenter Server 6.5 prior to 6.5 U1. The root cause is an insecure library loading mechanism that uses LD_LIBRARY_PATH in an unsafe way, which can allow an unprivileged host user to load a shared library and potentially escalate privileges. Relevant connected...
VMware vCenter Server Appliance 6.5 < 6.5 U1 Multiple Vulnerabilities (VMSA-2017-0013)
The version of VMware vCenter Server Appliance installed on the remote host is 6.5 prior to 6.5 Update 1 6.5 U1. It is, therefore, affected by multiple vulnerabilities : - An insecure library loading issue exists due to the use of the LDLIBRARYPATH variable to look for specific files or libraries...