Vulnerabilities > Untrusted Search Path

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7755 Untrusted Search Path vulnerability in Mozilla Firefox
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run.
local
low complexity
mozilla CWE-426
7.8
2018-06-11 CVE-2018-6514 Untrusted Search Path vulnerability in Puppet
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
local
low complexity
puppet CWE-426
7.8
2018-06-11 CVE-2018-6513 Untrusted Search Path vulnerability in Puppet and Puppet Enterprise
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run.
network
low complexity
puppet CWE-426
8.8
2018-06-05 CVE-2018-7884 Untrusted Search Path vulnerability in Displaylink Core Software Cleaner 8.2.1956
An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956.
local
low complexity
displaylink CWE-426
7.8
2018-06-01 CVE-2018-11551 Untrusted Search Path vulnerability in NCH Axon PBX 2.02
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
local
low complexity
nch CWE-426
7.8
2018-05-23 CVE-2018-10650 Untrusted Search Path vulnerability in Citrix Xenmobile Server 10.7/10.8
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
local
low complexity
citrix CWE-426
7.8
2018-05-19 CVE-2018-4927 Untrusted Search Path vulnerability in Adobe Indesign
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability.
local
low complexity
adobe CWE-426
7.8
2018-05-17 CVE-2018-10027 Untrusted Search Path vulnerability in Estsoft Alzip
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
local
low complexity
estsoft CWE-426
7.8
2018-05-14 CVE-2018-0580 Untrusted Search Path vulnerability in Celsys products
Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
celsys CWE-426
7.8
2018-04-24 CVE-2017-2802 Untrusted Search Path vulnerability in Dell Precision Optimizer 3.5.5.0
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0.
local
low complexity
dell CWE-426
7.8