Vulnerabilities > Untrusted Search Path

DATE CVE VULNERABILITY TITLE RISK
2017-08-17 CVE-2017-6768 Untrusted Search Path vulnerability in Cisco Application Policy Infrastructure Controller
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges.
local
low complexity
cisco CWE-426
7.8
2017-08-16 CVE-2017-12892 Untrusted Search Path vulnerability in Foxitsoftware PDF Compressor
Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
foxitsoftware CWE-426
7.8
2017-08-06 CVE-2017-12480 Untrusted Search Path vulnerability in Sandboxie Installer 5071703
Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory.
local
low complexity
sandboxie CWE-426
7.8
2017-08-04 CVE-2017-2221 Untrusted Search Path vulnerability in Baidu IME 3.6.1.6
Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
baidu CWE-426
7.8
2017-08-04 CVE-2017-10820 Untrusted Search Path vulnerability in IPA IP Messenger 4.60
Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
ipa CWE-426
7.8
2017-08-04 CVE-2017-11657 Untrusted Search Path vulnerability in Dashlane
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
local
low complexity
dashlane CWE-426
7.3
2017-08-03 CVE-2017-12414 Untrusted Search Path vulnerability in Pcfreetime Format Factory 4.1.0
Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.
network
low complexity
pcfreetime CWE-426
critical
9.8
2017-08-02 CVE-2017-7642 Untrusted Search Path vulnerability in Hashicorp Vagrant VMWare Fusion
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
local
low complexity
hashicorp CWE-426
7.8
2017-08-02 CVE-2015-8264 Untrusted Search Path vulnerability in F-Secure Online Scanner
Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe.
local
low complexity
f-secure CWE-426
7.8
2017-08-02 CVE-2017-2279 Untrusted Search Path vulnerability in Kiri Tween
Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
kiri CWE-426
7.8