Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-9896 Uncontrolled Search Path Element vulnerability in multiple products
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
local
low complexity
putty opensuse CWE-427
7.8
2019-03-21 CVE-2019-4094 Uncontrolled Search Path Element vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library.
local
low complexity
ibm CWE-427
7.8
2019-03-11 CVE-2018-1890 Uncontrolled Search Path Element vulnerability in IBM SDK 8.0
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users.
local
low complexity
ibm CWE-427
7.8
2019-03-08 CVE-2019-9634 Uncontrolled Search Path Element vulnerability in Golang GO
Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
local
low complexity
golang CWE-427
7.8
2019-03-01 CVE-2019-9546 Uncontrolled Search Path Element vulnerability in Solarwinds Orion Platform
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
network
low complexity
solarwinds CWE-427
critical
9.8
2019-02-25 CVE-2019-9116 Uncontrolled Search Path Element vulnerability in Sublimetext Sublime Text 3 3.1.1
DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder.
local
low complexity
sublimetext CWE-427
7.8
2019-02-09 CVE-2019-7653 Uncontrolled Search Path Element vulnerability in multiple products
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot.
network
low complexity
rdflib-project debian canonical CWE-427
critical
9.8
2019-01-09 CVE-2018-16177 Uncontrolled Search Path Element vulnerability in Ntt-West Fall Creators Update
Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
ntt-west CWE-427
7.8
2019-01-02 CVE-2018-20211 Uncontrolled Search Path Element vulnerability in Exiftool Project Exiftool 8.32
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking.
local
low complexity
exiftool-project CWE-427
7.8
2018-11-13 CVE-2018-15452 Uncontrolled Search Path Element vulnerability in Cisco Advanced Malware Protection for Endpoints
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions.
local
low complexity
cisco CWE-427
6.7