DEBIAN-CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

CVE-2018-1000622

CVE-2018-1000622 affects Rust rustdoc: loading plugins from world-writable directories could enable local code execution. AFFECTED: rustdoc versions 0.8 through 1.27.0; exploitation via the --plugin flag without the --plugin-path flag. REMEDY: upgrade to a fixed release (1.27.1 per initial descri...

CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

CVE-2017-5170

Summary: CVE-2017-5170 affects Moxa SoftNVR-IA Live Viewer (Version 3.30.3122 and earlier). It stems from an Uncontrolled Search Path Element (DLL Hijacking) vulnerability where a malicious DLL could be loaded if placed in the application’s default install location, allowing code execution at the...

CVE-2017-14029

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine...

CVE-2017-14029

CVE-2017-14029 affects Trihedral VTScada 11.3.03 and earlier, describing an Uncontrolled Search Path Element vulnerability that lets an attacker cause the program to execute a specially crafted malicious DLL placed on the target machine. The issue is local (AV:L) with user interaction required (U...

CVE-2017-14029

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine...

Trihedral Engineering Limited VTScada

CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Trihedral Engineering Limited Equipment: VTScada Vulnerabilities: Improper Access Control, Uncontrolled Search Path Element AFFECTED PRODUCTS Trihedral Engineering Limited reports that the vulnerability affects the following versions of t...

CVE-2017-14017

CVE-2017-14017 affects Progea Movicon SCADA/HMI (Movicon 11.5.1181 and earlier). The vulnerability is an Uncontrolled Search Path Element that may allow a local attacker with low privileges to execute arbitrary code by loading a malicious DLL. Related entries also reference CVE-2017-14019 (Unquot...

SpiderControl MicroBrowser

CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: SpiderControl Equipment: MicroBrowser Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SpiderControl MicroBrowser, a touch panel operating system, are affected: MicroBrowser...

CVE-2017-12717

An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.220170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application...

CVE-2017-12717

Technical details about CVE-2017-12717 are not provided in the connected documents. The initial description notes an uncontrolled search path element in Advantech WebAccess before V8.2_20170817, but no further details are available here. Monitor for updates.

AzeoTech DAQFactory

CVSS v3 7.1 ATTENTION: Local access and user-level privileges are required to exploit these vulnerabilities Vendor: AzeoTech Equipment: DAQFactory Vulnerabilities: Incorrect Default Permissions, Uncontrolled Search Path Element AFFECTED PRODUCTS AzeoTech reports that the vulnerabilities affect th...

CVE-2017-9648

An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file...

CVE-2017-9646

An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader HCDownloader Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL...

CVE-2017-9648

The CVE-2017-9648 issue affects Solar Controls WATTConfig M Software, versions 2.5.10.1 and earlier. It stems from an Uncontrolled Search Path Element (CWE-427) that could allow arbitrary code execution via a malicious DLL file on the target system. Affected product: WATTConfig M Software for Win...

CVE-2017-9646

CVE-2017-9646 affects Solar Controls HCDownloader (Heating Control Downloader) versions 1.0.1.15 and earlier. Root cause: Uncontrolled Search Path Element (CWE-427) could allow arbitrary code execution via a malicious DLL loaded on the target. Documented impact is high (CVE CVSSv3 base 7.8; local...

Solar Controls WATTConfig M Software

CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Solar Controls Equipment: WATTConfig M Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Solar Controls’ WATTConfig M Software for Windows 2.5.10 for M SSR/MAX PLCs are affected: WATTConf...

CVE-2017-6051

The CVE-2017-6051 entry concerns BLF-Tech LLC VisualView HMI, affected in versions 9.9.14.0 and earlier. The issue is an Uncontrolled Search Path Element (CWE-427) vulnerability that may allow a local attacker to cause execution of arbitrary code by loading a malicious DLL from the search path. C...

BLF-Tech LLC VisualView HMI

CVSS v3 7.0 ATTENTION: Low skill level to exploit Vendor: BLF-Tech LLC Equipment: VisualView HMI Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following VisualView HMI versions are affected: VisualView HMI Version 9.9.14.0 and prior. IMPACT Successful exploitation of this...