Search Results (2569 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-6669 1 Mcafee 1 Application Change Control 2024-11-21 N/A
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form.
CVE-2018-6661 2 Mcafee, Microsoft 2 True Key, Windows 2024-11-21 7.8 High
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
CVE-2018-6624 1 Omron 7 Ns10, Ns12, Ns15 and 4 more 2024-11-21 N/A
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.
CVE-2018-6514 2 Microsoft, Puppet 2 Windows, Puppet 2024-11-21 N/A
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
CVE-2018-6513 1 Puppet 2 Puppet, Puppet Enterprise 2024-11-21 N/A
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.
CVE-2018-6475 1 Superantispyware 1 Superantispyware 2024-11-21 N/A
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.
CVE-2018-6461 2 March-hare, Microsoft 2 Wincvs, Windows 2024-11-21 N/A
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.
CVE-2018-6384 1 Nsclient 1 Nsclient\+\+ 2024-11-21 N/A
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.
CVE-2018-6321 1 Pandasecurity 1 Panda Global Protection 2024-11-21 N/A
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
CVE-2018-6318 1 Sophos 1 Sophos Tester 2024-11-21 N/A
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.
CVE-2018-6306 1 Kaspersky 1 Password Manager 2024-11-21 N/A
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.
CVE-2018-6218 1 Trendmicro 5 Deep Security, Endpoint Sensor, Officescan and 2 more 2024-11-21 7.0 High
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
CVE-2018-6016 1 10-strike 1 Network Monitor 2024-11-21 N/A
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.
CVE-2018-5470 1 Philips 1 Intellispace Portal 2024-11-21 N/A
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
CVE-2018-5457 2 Microsoft, Vyaire 2 Windows Xp, Carefusion Upgrade Utility 2024-11-21 N/A
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
CVE-2018-5238 1 Symantec 2 Norton Power Eraser, Symdiag 2024-11-21 N/A
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
CVE-2018-5235 1 Symantec 1 Norton Utilities 2024-11-21 N/A
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
CVE-2018-5003 2 Adobe, Microsoft 2 Creative Cloud, Windows 2024-11-21 N/A
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2018-4927 3 Adobe, Apple, Microsoft 3 Indesign, Mac Os X, Windows 2024-11-21 N/A
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
CVE-2018-4873 1 Adobe 1 Creative Cloud 2024-11-21 N/A
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.