CVE-2018-6461

The CVE-2018-6461 issue involves March Hare WINCVS (pre-2.8.01 build 6610) and CVS Suite (pre-2009R2 build 6610). The root cause is Insecure Library Loading via a Trojan DLL (Python or TCL) placed in the current working directory, targeting wincvs2.exe or wincvs.exe. This enables a local attacker...

CVE-2018-6461

March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory...

OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

CVE-2017-16690

A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll located in your Syswow64 / System32 folder from the folder the executable is in a...

The vulnerability of the TRIE component of the Windows operating system, allowing a hacker to execute arbitrary code

The vulnerability of the TRIE component in the Windows operating system is related to errors that occur during the loading of DLL files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially crafted DLL files...

The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries

Overview Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and Shun Suza...

CVE-2017-12314

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to...

Code injection

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to...

dll hijacking vulnerability in Yisetron Data Security Guard

Yisetong Data Security Guard is a security product that specializes in preventing your private data assets from being illegally stolen or used by others in the process of sharing and storing. A dll hijacking vulnerability exists in Yisetone Data Safeguard. The vulnerability is due to an unsafe...

CVE-2017-13676

Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a...

Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries

Overview The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of...

CVE-2017-6768

A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller APIC devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system...

CVE-2017-4921

VMware vCenter Server 6.5 prior to 6.5 U1 contains an insecure library loading issue that occurs due to the use of LDLIBRARYPATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation...

CVE-2017-4921

VMware vCenter Server 6.5 prior to 6.5 U1 contains an insecure library loading issue that occurs due to the use of LDLIBRARYPATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation...

Privilege escalation

VMware vCenter Server 6.5 prior to 6.5 U1 contains an insecure library loading issue that occurs due to the use of LDLIBRARYPATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation...

CVE-2017-4921

The CVE-2017-4921 issue affects VMware vCenter Server 6.5 prior to 6.5 U1. The root cause is an insecure library loading mechanism that uses LD_LIBRARY_PATH in an unsafe way, which can allow an unprivileged host user to load a shared library and potentially escalate privileges. Relevant connected...

CVE-2017-4921

VMware vCenter Server 6.5 prior to 6.5 U1 contains an insecure library loading issue that occurs due to the use of LDLIBRARYPATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation...

VMware vCenter Server Appliance 6.5 < 6.5 U1 Multiple Vulnerabilities (VMSA-2017-0013)

The version of VMware vCenter Server Appliance installed on the remote host is 6.5 prior to 6.5 Update 1 6.5 U1. It is, therefore, affected by multiple vulnerabilities : - An insecure library loading issue exists due to the use of the LDLIBRARYPATH variable to look for specific files or libraries...

FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries

Overview FileCapsule Deluxe Portable is a file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Encrypted files in self-decryption forma...

CVE-2017-3097

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution...