Vulnerabilities > Untrusted Search Path
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-7755 | Untrusted Search Path vulnerability in Mozilla Firefox The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. | 7.8 |
2018-06-11 | CVE-2018-6514 | Untrusted Search Path vulnerability in Puppet In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. | 7.8 |
2018-06-11 | CVE-2018-6513 | Untrusted Search Path vulnerability in Puppet and Puppet Enterprise Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. | 8.8 |
2018-06-05 | CVE-2018-7884 | Untrusted Search Path vulnerability in Displaylink Core Software Cleaner 8.2.1956 An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. | 7.8 |
2018-06-01 | CVE-2018-11551 | Untrusted Search Path vulnerability in NCH Axon PBX 2.02 AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. | 7.8 |
2018-05-23 | CVE-2018-10650 | Untrusted Search Path vulnerability in Citrix Xenmobile Server 10.7/10.8 There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 7.8 |
2018-05-19 | CVE-2018-4927 | Untrusted Search Path vulnerability in Adobe Indesign Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. | 7.8 |
2018-05-17 | CVE-2018-10027 | Untrusted Search Path vulnerability in Estsoft Alzip ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders. | 7.8 |
2018-05-14 | CVE-2018-0580 | Untrusted Search Path vulnerability in Celsys products Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2018-04-24 | CVE-2017-2802 | Untrusted Search Path vulnerability in Dell Precision Optimizer 3.5.5.0 An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. | 7.8 |