Vulnerabilities > Untrusted Search Path

DATE CVE VULNERABILITY TITLE RISK
2017-03-02 CVE-2017-5232 Untrusted Search Path vulnerability in Rapid7 Nexpose
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
2017-01-30 CVE-2016-6167 Untrusted Search Path vulnerability in Putty 0.67
Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.
local
low complexity
putty CWE-426
7.8
2017-01-23 CVE-2016-1417 Untrusted Search Path vulnerability in Snort 2.9.7.0
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.
network
low complexity
snort CWE-426
8.8
2017-01-23 CVE-2016-1281 Untrusted Search Path vulnerability in Idrix Truecrypt and Veracrypt
Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.
local
low complexity
idrix CWE-426
7.8
2017-01-05 CVE-2016-10009 Untrusted Search Path vulnerability in Openbsd Openssh
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
network
low complexity
openbsd CWE-426
7.3
2016-12-29 CVE-2016-7085 Untrusted Search Path vulnerability in VMWare Workstation Player and Workstation PRO
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
vmware CWE-426
7.8
2016-12-20 CVE-2016-7300 Untrusted Search Path vulnerability in Microsoft Auto Updater for mac
Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-426
7.8
2016-11-11 CVE-2016-9274 Untrusted Search Path vulnerability in GIT for Windows Project GIT for Windows
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory.
local
low complexity
git-for-windows-project CWE-426
7.8
2016-08-08 CVE-2016-5330 Untrusted Search Path vulnerability in VMWare products
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
local
low complexity
vmware CWE-426
7.8
2016-04-09 CVE-2016-1014 Untrusted Search Path vulnerability in Adobe products
Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
local
low complexity
adobe CWE-426
7.3