287 matches found
CVE-2017-12252
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicio...
Design/Logic Flaw
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicio...
CVE-2017-12252
The CVE-2017-12252 issue affects Cisco FindIT Network Discovery Utility. It enables a local, authenticated attacker to perform a DLL preloading attack by placing a malicious DLL in the host’s search path, causing the system to load the attacker’s DLL and partially compromise confidentiality, inte...
Cisco FindIT DLL Preloading Vulnerability
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicio...
IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass Vulnerabilities
IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 including Cloud version 11.5 suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities. title: Multiple Vulnerabilities; product: IBM Infosphere Information Server / Datastage...
IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Vulnerabilities; product: IBM Infosphere Information Server / Datastage; vulnerable version: 9.1, 11.3, and 11.5 including Cloud version 11.5; fixed version: -; CVE...
Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files
Overview: FENCE-Explorer provided by FUJITSU BROAD SOLUTION & CONSULTING Inc. is a tool to view and edit a file in "FENCE Briefcase" which is created by FENCE-Pro and other FENCE series software. Installer of FENCE-Explorer contains an issue with the search path for DLL/executable files, which may...
CVE-2017-6329
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the...
CVE-2017-12892
Foxit PDF Compressor installers from versions 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
Design/Logic Flaw
Foxit PDF Compressor installers from versions 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
CVE-2017-12892
Foxit PDF Compressor installers (versions 7.0.0.183 through 7.7.2.10) are affected by a DLL preloading vulnerability. The issue arises because the installer can load a malicious DLL located in its current working directory, enabling potential code execution during installation. CVE-2017-12892 is ...
Multiple Vulnerabilities Affecting Four Rapid7 Products
Today, we'd like to announce eight vulnerabilities that affect four Rapid7 products, as described in the table below. While all of these issues are relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding the...
Automated DLL Enumerator: rattler
Rattler helps identify which application DLLs are vulnerable to DLL preloading attacks. In a nutshell, DLL preloading attacks allow you to trick applications into loading and executing malicious DLLs. DLL preloading attacks can result in escalation of privileges, persistence and RCE in some...
Rapid7 AppSpider Pro DLL Preloading Vulnerability (CNVD-2017-10390)
AppSpider is a DAST solution designed to help application security personnel test applications as part of DevOps and as part of a scheduled scanning program. A DLL preloading vulnerability exists in the Rapid7 AppSpider Pro installer, which can be exploited by an attacker to load a malicious DLL...
CVE-2017-5236
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
Design/Logic Flaw
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...