Lucene search
+L

44 matches found

CVE
CVE
added 2021/11/03 7:5 p.m.50 views

CVE-2021-38422

Delta Electronics DIALink is affected in versions 1.2.4.0 and earlier by CVE-2021-38422, which stores sensitive information in cleartext, potentially granting an attacker extensive access to the application directory and privilege escalation. The CVSS v3 base score is 7.8 (HIGH) with LOCAL attack...

7.8CVSS7.8AI score0.00166EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/10/01 3:15 a.m.27 views

CVE-2021-3747

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner...

8.8CVSS0.00238EPSS
Exploits0References1
Prion
Prion
added 2021/10/01 3:15 a.m.21 views

Design/Logic Flaw

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner...

4.6CVSS7.6AI score0.00238EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/01 2:35 a.m.31 views

CVE-2021-3747 MacOS version of Multipass incorrect owner for application directory

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner...

8.8CVSS8.9AI score0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/09/28 12:0 a.m.4 views

CVE-2021-3747

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner...

8.8CVSS7.1AI score0.00238EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/08/25 10:15 p.m.25 views

CVE-2021-37334

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a...

9.8CVSS0.02744EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/03/25 3:48 p.m.16 views

CVE-2020-6771 Uncontrolled Search Path Element in Bosch IP Helper

Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application...

7.8CVSS7.9AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2021/01/11 3:15 p.m.2 views

CVE-2020-35483

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file...

7.8CVSS7.1AI score0.00468EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/01/11 2:33 p.m.27 views

CVE-2020-35483

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file...

7.5AI score0.00468EPSS
Exploits0References1
OSV
OSV
added 2019/12/18 8:15 p.m.3 views

CVE-2019-19688

A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks versions below 5.3.0.1063 could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges...

7.8CVSS5.8AI score0.00559EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/02 5:18 a.m.3 views

The installer of Microsoft Teams may insecurely load Dynamic Link Libraries

Overview The installer of Microsoft Teams contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting", thus there is no plan to release a...

7.8CVSS7AI score0.04605EPSS
Exploits0References6
Prion
Prion
added 2017/11/16 3:29 p.m.21 views

Design/Logic Flaw

If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...

7.2CVSS7.5AI score0.00984EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2017/11/16 3:0 p.m.31 views

CVE-2017-16777

If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...

7.6AI score0.00984EPSS
Exploits3References2
OSV
OSV
added 2017/08/29 8:29 p.m.22 views

PYSEC-2017-105

Apache Atlas versions 0.6.0 incubating, 0.7.0 incubating, and 0.7.1 incubating allow access to the webapp directory contents by pointing to URIs like /js and /img...

7.5CVSS7.1AI score0.02127EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/29 12:0 a.m.7 views

OSRAM SYLVANIA Osram Lightify Home Information Disclosure Vulnerability

OSRAM SYLVANIA Osram Lightify Home is an open IoT platform for automated control of lighting devices from German company OSRAM. A security vulnerability exists in OSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26, which originates from the program storing the PSK in plaintext in the...

7.5CVSS6.8AI score0.01397EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2017/05/31 12:0 a.m.42 views

Intel SSD Toolbox 3.4.3 DLL Hijacking

Hi @ll, executable installers built with Intels Installation Framework, for example "Intel SSD Toolbox - v3.4.3.exe", available from , expose two vulnerabilities, both resulting in arbitrary code execution with escalation of privilege. Vulnerability 1: On a fully patched Windows 7 SP1 they load a...

Exploits0
Packet Storm
Packet Storm
added 2017/02/08 12:0 a.m.59 views

SumatraPDF 3.1.2 DLL Hijacking

Hi @ll, the executable installer deg and the "portable" version of SumatraPDF 3.1.2 available from are vulnerable to DLL hijacking ': The executable installers SumatraPDF-3.1.2-install.exe and SumatraPDF-3.1.2-64-install.exe load and execute tested on a fully patched Windows 7 SP1 at least...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2016/07/13 12:0 a.m.92 views

Bitdefender Antivirus Free Edition DLL Hijacking

Aloha, AntivirusFreeEditionx64.exe loads and executes dll from its "application directory". For software downloaded with a web browser the applicationdirectory is typically the user's "Downloads" directory: see , and for "prior art" about this well-known and well-documented vulnerability. If an...

0.1AI score
Exploits0
Debian CVE
Debian CVE
added 2016/01/21 2:0 a.m.29 views

CVE-2016-0602

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU...

6.2CVSS4.8AI score0.00433EPSS
Exploits0
Cvelist
Cvelist
added 2015/05/14 10:0 a.m.26 views

CVE-2015-2720

The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file...

6.1AI score0.00287EPSS
Exploits0References4
Rows per page
Query Builder