Design/Logic Flaw

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse 1 shfolder.dll, 2 ntmarta.dll, 3 secur32.dll or 4 dwmapi.dll file in th...

Synology Photo Station Uploader Arbitrary Code Execution Vulnerability

Synology Photo Station Uploader is a suite of applications that allow you to mass upload photos and videos to Photo Station. An arbitrary code execution vulnerability exists in the Synology Photo Station Uploader installer, which can be exploited by a local attacker to execute arbitrary code and...

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse 1 shfolder.dll, 2 ntmarta.dll, 3 secur32.dll or 4 dwmapi.dll file in the...

Multiple untrustworthy search path vulnerabilities in Synology Assistant

Synology Assistant is a Synology DiskStation LAN installation and management assistant. Multiple untrusted search path vulnerabilities in the Synology Assistant's installer can be exploited by a local attacker to execute arbitrary code or perform DLL hijacking via a Trojan horse in the current...

CVE-2017-11160

Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse 1 shfolder.dll, 2 ntmarta.dll, 3 secur32.dll or 4 dwmapi.dll file in the current worki...

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse 1 security.dll, 2 secur32.dll, or 3 ws232.dll in the application or current...

CVE-2016-4802

Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse 1 security.dll, 2 secur32.dll, or 3 ws232.dll in the application or current...

HCView WriteAV Crash Proof Of Concept

!/usr/bin/perl Hardcoreview WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira Vendor URI: http://sourceforge.net/projects/hardcoreview/ Vendor Description: Image browser. Designed and created for profesional and amature watching image files. All kind of image files ; . Support .jpg,...

MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

A vulnerability in the way the Windows SearchPath function locates and opens files on the remote host could allow an attacker to execute arbitrary remote code if he can trick a user into downloading a specially crafted file into a specific location, such as the Windows Desktop. C Tenable Network...