256 matches found

CVE
added 2024/04/03 7:11 a.m. · 52 views

CVE-2024-29734

CVE-2024-29734 (SonicDICOM Media Viewer) involves an uncontrolled DLL search path element in SonicDICOM Media Viewer 2.3.2 and earlier. The root cause is a DLL search path issue (CWE-427) that may lead to insecure loading of Dynamic Link Libraries, allowing arbitrary code to execute with the priv...

CVSS 7.8 · AI score 7.2 · EPSS 0.0006
Exploits: 0 · References: 1

Positive Technologies
added 2024/04/02 12:00 a.m. · 1 view

PT-2024-3033 · Vt Studio · Vt Studio

Name of the Vulnerable Software and Affected Versions: VT STUDIO versions 8.32 and earlier
Description: The issue is related to an uncontrolled element of the path search, which may lead to insecurely loading Dynamic Link Libraries. This could allow a remote attacker to execute arbitrary code wit...

CVSS 10 · AI score 7.3 · EPSS 0.00106
Exploits: 0 · References: 10

CNNVD
added 2024/03/27 12:00 a.m. · 3 views

SonicDICOM Media Viewer security vulnerability

SonicDICOM Media Viewer is a software for viewing medical image files from SonicDICOM, Inc. A security vulnerability exists in SonicDICOM Media Viewer 2.3.2 and prior versions, which stems from a contained DLL search path issue that could lead to unsafe loading of dynamic link libraries...

CVSS 7.8 · AI score 7.5 · EPSS 0.0006
Exploits: 0 · References: 3

NVD
added 2024/03/18 10:15 a.m. · 7 views

CVE-2024-1605

BMC Control-M branches 9.0.20 and 9.0.21, upon user login, load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for...

CVSS 7.8 · AI score 6.5 · EPSS 0.00029
Exploits: 0 · References: 3

CVE
added 2024/03/18 9:59 a.m. · 62 views

CVE-2024-1605

CVE-2024-1605 affects BMC Control-M branches 9.0.20 and 9.0.21. On user login, the app loads all DLLs from a directory that has write/read access for all users, allowing potentially malicious libraries to load and execute with the application’s privileges. The CVE details indicate the vulnerabili...

CVSS 7.8 · AI score 6.6 · EPSS 0.00029
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/03/18 9:59 a.m. · 12 views

CVE-2024-1605 DLL side-loading in BMC Control-M

BMC Control-M branches 9.0.20 and 9.0.21, upon user login, load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for...

CVSS 6.6 · AI score 6.8 · EPSS 0.00029
Exploits: 0 · References: 3

Vulnrichment
added 2024/03/18 9:59 a.m. · 9 views

CVE-2024-1605 DLL side-loading in BMC Control-M

BMC Control-M branches 9.0.20 and 9.0.21, upon user login, load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for...

CVSS 6.6 · AI score 6.6 · EPSS 0.00029
Exploits: 0 · References: 3

Positive Technologies
added 2024/03/06 12:00 a.m. · 3 views

PT-2024-20751 · Appsamvid · Appsamvid

Name of the Vulnerable Software and Affected Versions: AppSamvid, affected versions not specified
Description: The issue exists due to the usage of vulnerable and outdated components in the software. An attacker with local administrative privileges could exploit this by placing malicious DLLs on t...

CVSS 6.3 · AI score 7.6 · EPSS 0.00021
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/22 12:00 a.m. · 1 view

PT-2024-1947 · Delta Electronics · Cncsoft-B Dopsoft

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-B DOPSoft versions prior to 4.0.0.82
Description: The issue is related to the insecure loading of libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed...

CVSS 7.8 · AI score 7.8 · EPSS 0.00026
Exploits: 0 · References: 7

OSV
added 2024/01/17 8:22 p.m. · 2 views

CVE-2024-22410 Binary Planting Attack on Windows Platforms in Creditcoin

Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...

CVSS 3.3 · AI score 7.3 · EPSS 0.00046
Exploits: 0 · References: 4

Positive Technologies
added 2024/01/17 12:00 a.m. · 1 view

PT-2024-19401 · Unknown · Creditcoin

Name of the Vulnerable Software and Affected Versions: Creditcoin, affected versions not specified
Description: The issue concerns the Windows binary of the Creditcoin node, which loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files...

CVSS 7.8 · AI score 7.7 · EPSS 0.00046
Exploits: 0 · References: 6

NVD
added 2023/12/08 12:15 a.m. · 14 views

CVE-2023-6061

Rejected reason: This CVE ID has been rejected/withdrawn by its CVE Numbering Authority Palo Alto Networks based on discussions with Mitsubishi Electronics Corporation's PSIRT...

Exploits: 0

Cvelist
added 2023/12/07 11:21 p.m. · 16 views

CVE-2023-6061

...

AI score 7.9
Exploits: 0

Vulnrichment
added 2023/12/07 11:21 p.m. · 9 views

CVE-2023-6061

...

AI score 6.6
Exploits: 0

OSV
added 2023/09/12 2:15 p.m. · 1 view

CVE-2023-2071

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user’s input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions...

CVSS 9.8 · AI score 6.1 · EPSS 0.00741
Exploits: 0 · References: 1

Positive Technologies
added 2023/08/17 12:00 a.m. · 1 view

PT-2023-4542 · Mcafee · Mcafee Safe Connect

Name of the Vulnerable Software and Affected Versions: McAfee Safe Connect versions prior to 2.16.1.126
Description: The issue is related to an uncontrolled search path element, which may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. This can...

CVSS 8.3 · AI score 7.2 · EPSS 0.00223
Exploits: 0 · References: 11

Prion
added 2023/06/27 12:15 p.m. · 15 views

Privilege escalation

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, a privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...

CVSS 4.4 · AI score 8 · EPSS 0.00196
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/06/27 11:36 a.m. · 11 views

CVE-2023-34395 Apache Airflow ODBC Provider: Remote code execution vulnerability

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, a privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...

AI score 8.2 · EPSS 0.00196
Exploits: 0 · References: 2

F5 Networks
added 2023/02/21 6:47 p.m. · 23 views

K54460845: BIG-IP Edge Client for Windows vulnerability CVE-2022-28714

Security Advisory Description: A DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. (CVE-2022-28714)
Impact: This vulnerability may be exploited to allow an attacker to use malicious Dynamic Link Libraries (DLL) to gain privilege escalation on the client Windows system...

CVSS 7.8 · AI score 7.8 · EPSS 0.00363
Exploits: 0 · Affected Software: 17

Veracode
added 2022/12/22 1:52 a.m. · 13 views

Arbitrary Code Execution

squirrel.windows is vulnerable to arbitrary code execution. The vulnerability exists because the MitigateDllHijacking function of winmain.cpp insecurely loads the dynamic link libraries (DLL), allowing an attacker to inject and execute malicious code...

CVSS 7.8 · AI score 7.9 · EPSS 0.00196
Exploits: 0 · References: 5 · Affected Software: 1