Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-6475 1 Superantispyware 1 Superantispyware 2024-11-21 N/A
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.
CVE-2018-6461 2 March-hare, Microsoft 2 Wincvs, Windows 2024-11-21 N/A
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.
CVE-2018-6384 1 Nsclient 1 Nsclient\+\+ 2024-11-21 N/A
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.
CVE-2018-6321 1 Pandasecurity 1 Panda Global Protection 2024-11-21 N/A
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
CVE-2018-6318 1 Sophos 1 Sophos Tester 2024-11-21 N/A
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.
CVE-2018-6306 1 Kaspersky 1 Password Manager 2024-11-21 N/A
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.
CVE-2018-6218 1 Trendmicro 5 Deep Security, Endpoint Sensor, Officescan and 2 more 2024-11-21 7.0 High
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
CVE-2018-6016 1 10-strike 1 Network Monitor 2024-11-21 N/A
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.
CVE-2018-5470 1 Philips 1 Intellispace Portal 2024-11-21 N/A
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
CVE-2018-5457 2 Microsoft, Vyaire 2 Windows Xp, Carefusion Upgrade Utility 2024-11-21 N/A
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
CVE-2018-5238 1 Symantec 2 Norton Power Eraser, Symdiag 2024-11-21 N/A
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
CVE-2018-5235 1 Symantec 1 Norton Utilities 2024-11-21 N/A
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
CVE-2018-5003 2 Adobe, Microsoft 2 Creative Cloud, Windows 2024-11-21 N/A
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2018-4927 3 Adobe, Apple, Microsoft 3 Indesign, Mac Os X, Windows 2024-11-21 N/A
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
CVE-2018-4873 1 Adobe 1 Creative Cloud 2024-11-21 N/A
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
CVE-2018-3774 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 9.8 Critical
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
CVE-2018-3688 1 Intel 1 Quartus Prime Programmer And Tools 2024-11-21 N/A
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
CVE-2018-3687 1 Intel 1 Quartus Ii Programmer And Tools 2024-11-21 N/A
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
CVE-2018-3684 1 Intel 1 Quartus Ii 2024-11-21 N/A
Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
CVE-2018-3683 1 Intel 1 Quartus Prime 2024-11-21 N/A
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.