272 matches found
CVE-2024-36071
Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path...
SAMSUNG Magician PC Software Security Vulnerability
SAMSUNG Magician PC Software is an application from the South Korean company Samsung SAMSUNG. Designed to help manage Samsung SSDs. A security vulnerability exists in SAMSUNG Magician PC Software version 8.0.0. An attacker could exploit the vulnerability to elevate privileges by tampering with...
CVE-2024-28099
VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
CVE-2024-28099
CVE-2024-28099 affects VT STUDIO versions 8.32 and earlier. The root cause is an insecure DLL search path that may allow loading malicious DLLs, enabling arbitrary code execution with the application’s privileges. Reported across multiple sources (Red Hat, NVD, JVN/JVNVU, PT-Security, and others)...
CVE-2024-29734
Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
CVE-2024-29734
Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
CVE-2024-29734
CVE-2024-29734 (SonicDICOM Media Viewer) involves an uncontrolled DLL search path element in SonicDICOM Media Viewer 2.3.2 and earlier. The root cause is a DLL search path issue (CWE-427) that may lead to insecure loading of Dynamic Link Libraries, allowing arbitrary code to execute with the priv...
PT-2024-3033 · Vt Studio · Vt Studio
Name of the Vulnerable Software and Affected Versions: VT STUDIO versions 8.32 and earlier Description: The issue is related to an uncontrolled element of the path search, which may lead to insecurely loading Dynamic Link Libraries. This could allow a remote attacker to execute arbitrary code wit...
SonicDICOM Media Viewer 安全漏洞
SonicDICOM Media Viewer is a software for viewing medical image files from SonicDICOM, Inc. A security vulnerability exists in SonicDICOM Media Viewer 2.3.2 and prior versions, which stems from a contained DLL search path issue that could lead to unsafe loading of dynamic link libraries...
CVE-2024-1605
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries DLL from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for...
CVE-2024-1605
CVE-2024-1605 affects BMC Control-M branches 9.0.20 and 9.0.21. On user login, the app loads all DLLs from a directory that has write/read access for all users, allowing potentially malicious libraries to load and execute with the application’s privileges. The CVE details indicate the vulnerabili...
CVE-2024-1605 DLL side-loading in BMC Control-M
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries DLL from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for...
CVE-2024-1605 DLL side-loading in BMC Control-M
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries DLL from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for...
PT-2024-20751 · Appsamvid · Appsamvid
Name of the Vulnerable Software and Affected Versions: AppSamvid affected versions not specified Description: The issue exists due to the usage of vulnerable and outdated components in the software. An attacker with local administrative privileges could exploit this by placing malicious DLLs on t...
PT-2024-1947 · Delta Electronics · Cncsoft-B Dopsoft
Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-B DOPSoft versions prior to 4.0.0.82 Description: The issue is related to the insecure loading of libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed...
The vulnerability of the SCADA system (formerly InduSoft Web Studio) AVEVA Edge, related to the loading of unreliable DLL libraries, allows a intruder to execute arbitrary code and increase their privileges.
The vulnerability of the SCADA system formerly InduSoft Web Studio AVEVA Edge relates to the loading of unreliable DLL libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...
The vulnerability of the user interface of Trend Micro Air Support’s customer support system allows a hacker to gain access to read, modify, or delete data, execute arbitrary code, and increase their privileges.
The vulnerability of the user interface of Trend Micro Air Support’s customer support system lies in the loading of unreliable DLL libraries. Exploiting this vulnerability can allow attackers to gain access to read, modify, or delete data, execute arbitrary code, and increase their privileges...
CVE-2024-22410 Binary Planting Attack on Windows Platforms in Creditcoin
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...
PT-2024-19401 · Unknown · Creditcoin
Name of the Vulnerable Software and Affected Versions: Creditcoin affected versions not specified Description: The issue concerns the Windows binary of the Creditcoin node, which loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files...
CVE-2023-6061
Rejected reason: This CVE ID has been rejected/withdrawn by its CVE Numbering Authority Palo Alto Networks based on discussions with Mitsubishi Electronics Corporation's PSIRT...