Search Results (2570 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2107 1 Akky 1 7-zip32.dll 2025-04-20 N/A
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-17809 1 Goldenfrog 1 Vyprvpn 2025-04-20 N/A
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.
CVE-2017-16777 1 Hashicorp 1 Vagrant 2025-04-20 N/A
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
CVE-2017-16690 1 Sap 1 Plant Connectivity 2025-04-20 N/A
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed.
CVE-2017-15383 1 Nero 1 Nero 2025-04-20 N/A
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.
CVE-2017-15235 1 Horde 1 Groupware 2025-04-20 N/A
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
CVE-2017-12730 1 Myscada 1 Mypro 2025-04-20 N/A
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
CVE-2017-12717 1 Advantech 1 Webaccess 2025-04-20 N/A
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.
CVE-2017-12653 1 360totalsecurity 1 360 Total Security 2025-04-20 N/A
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
CVE-2017-11749 1 Internet-soft 1 Ftp Commander 2025-04-20 7.8 High
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file.
CVE-2017-11748 1 Softonic 1 Spider Player 2025-04-20 N/A
VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file.
CVE-2017-11742 2 Libexpat Project, Microsoft 2 Libexpat, Windows 2025-04-20 N/A
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
CVE-2017-1000010 1 Audacityteam 1 Audacity 2025-04-20 7.8 High
Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution.
CVE-2017-11657 1 Dashlane 1 Dashlane 2025-04-20 7.3 High
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
CVE-2017-10909 1 Sony 1 Music Center 2025-04-20 N/A
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10893 1 J-lis 1 The Public Certification Service For Individuals 2025-04-20 N/A
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10892 1 Sony 1 Music Center 2025-04-20 N/A
Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10887 2 Bookwalker, Microsoft 2 Book Walker, Windows 2025-04-20 N/A
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10885 1 Sbisec 1 Hyper Sbi 2025-04-20 N/A
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10865 1 Hitachi-solutions 1 Confidential File Decryption 2025-04-20 N/A
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863.