168 matches found
CVE-2020-4545
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitra...
Security Vulnerabilities fixed in Firefox ESR 78.1 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
CVE-2020-4100
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...
DEBIAN-CVE-2020-14939
An issue was discovered in savestructinternal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex allows a perpetrator to upload a malicious file to the server.
The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to upload a malicious file to the server remotely...
Adobe Acrobat/Reader Insecure Library Loading (DLL Hijacking) Vulnerability
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. Adobe Acrobat/Reader has an insecure library loading (DLL hijacking) vulnerability. An attacker can exploit this vulnerability to achieve elevation of...
JVN#69181574: Windows 7 may insecurely load Dynamic Link Libraries
In standard DLL files provided by Windows 7, there are some DLL files read from the same directory where the program resides when executing the program (CWE-427). Microsoft states that the root cause of this vulnerability is "Application Directory (App Dir) DLL planting", thus there is no plan to...
APSB18-20 Security update available for the Adobe Creative Cloud Desktop Application
Adobe has released a security update for the Creative Cloud Desktop Application installer for Windows. This update resolves an insecure library loading vulnerability in the installer that could lead to privilege escalation (CVE-2018-5003)...
The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries
Overview: The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinat...
KLA11237 Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF
Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An unsafe DLL loading...
Cisco FindIT Network Discovery Utility Code Execution Vulnerability
Cisco FindIT Network Discovery Utility is a network device manager from Cisco USA. The product provides management functions for Cisco network devices. A security vulnerability exists in the Cisco FindIT Network Discovery Utility. A local attacker can exploit this vulnerability by placing an...
Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries
Overview: Installer of "Remote Support Tool (Enkaku Support Tool)" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili...
FileCapsule Deluxe Portable Insecure Dynamic Loading Vulnerability (CNVD-2017-23962)
FileCapsule Deluxe Portable is a file encryption software. A security vulnerability exists in FileCapsule Deluxe Portable 1.0.5.1 and earlier versions. The vulnerability can be exploited to execute arbitrary code...
Code injection
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution...
RW-4040 tool to verify execution environment may insecurely load Dynamic Link Libraries
Overview: RW-4040 tool to verify execution environment for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation and BlackWingCat of...
Code injection
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."...
CVE-2017-0197
CVE-2017-0197 affects Microsoft OneNote 2007 SP3 and OneNote 2010 SP2. A DLL loading remote code execution vulnerability exists: an attacker can cause arbitrary code execution by convincing a user to open a specially crafted OneNote document. The issue is triggered by improper DLL loading validat...
Mozilla Firefox File Loading Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. Mozilla Firefox suffers from a file loading vulnerability where a non-existent chrome.manifest file will attempt to be load...
VMSA-2017-0003: VMware Workstation update addresses multiple security issues
VMware Security Advisory. Advisory ID: VMSA-2017-0003. Severity: Important. Synopsis: VMware Workstation update addresses multiple security issues...