203 matches found
The vulnerability of Zoom video conferencing software relates to an uncontrolled search path element, allowing attackers to elevate their privileges to that of the SYSTEM user.
The vulnerability of Zoom video conferencing software is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a hacker to elevate their privileges to that of the SYSTEM user...
Code injection
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1...
CVE-2023-0247
CVE-2023-0247 affects the Go library bits-and-blooms/bloom, with versions prior to 3.3.1 vulnerable to an Uncontrolled Search Path Element. The issue originates from how the application resolves search paths, enabling potential path hijacking. Affected product/version: bits-and-blooms/bloom befor...
AVEVA Edge
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Edge Vulnerabilities: Uncontrolled Search Path Element, Exposure of Sensitive Information to an Unauthorized Actor, Uncontrolled Resource Consumption, Improper Access Control, Windows...
NEC Expresscluster X 代码问题漏洞
NEC Expresscluster X is a specialized high availability cluster software from Nippon Electric NEC. It is used to enable fast restore functions and continuously protect critical applications and data. A security vulnerability exists in NEC Expresscluster X 5.0 for Windows and prior versions,...
CVE-2022-2006 AutomationDirect C-more EA9 HMI Uncontrolled Search Path Element
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...
CVE-2021-38410 AVEVA PCS Portal Uncontrolled Search Path Element
AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...
AutomationDirect C-More EA9 HMI
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerabilities: Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...
CVE-2022-28541
CVE-2022-28541 describes an Uncontrolled search path element vulnerability in Samsung Update, affecting versions prior to 3.0.77.0. The flaw allows local attackers with Samsung Update permission to execute arbitrary code. No exploit details, affected platforms, nor fixed versions are provided bey...
CVE-2022-26337
Trend Micro Password Manager Consumer installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine...
CVE-2022-26337
Trend Micro Password Manager Consumer installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine...
CVE-2021-3840
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...
Type confusion
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...
CVE-2021-3840
CVE-2021-3840 : A dependency confusion flaw in the Antilles open-source software prior to 1.0.1 could allow remote code execution during installation when a package listed in requirements.txt does not exist in PyPI. The issue is categorized as CWE-427 (Uncontrolled Search Path Element) where a pr...
Delta Electronics DIALink
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIALink Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage...
CVE-2021-35982
CVE-2021-35982 affects Adobe Acrobat Reader DC and related products, with an Uncontrolled Search Path Element leading to DLL hijacking and arbitrary code execution in the current user context. Root cause: vulnerable DLL search path handling enables a local attacker with non-administrative privile...
Adobe Reader < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)
The version of Adobe Reader installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199...
Adobe Acrobat < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199...
CVE-2021-22775
GP-Pro EX, V4.09.250 and earlier, are affected by CWE-427: Uncontrolled Search Path Element. The issue stems from failure to properly filter special elements in the software’s search path, potentially enabling local code execution with elevated privileges during installation. Impact: local code e...
CVE-2021-28594
The CVE-2021-28594 entry concerns Adobe Creative Cloud Desktop Application installer (2.4 and earlier). The vulnerability is an Uncontrolled Search Path Element in the installer, allowing arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a ...