| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000622 |
427 |
|
Exec Code |
2018-07-09 |
2018-12-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1. |
|
2 |
CVE-2018-20211 |
427 |
|
+Priv |
2019-01-02 |
2019-01-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015). |
|
3 |
CVE-2018-15976 |
427 |
|
|
2018-10-17 |
2018-12-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. |
|
4 |
CVE-2018-14797 |
427 |
|
Exec Code |
2018-08-23 |
2018-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. |
|
5 |
CVE-2018-13806 |
427 |
|
Exec Code |
2018-09-12 |
2018-11-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known. |
|
6 |
CVE-2018-11049 |
427 |
|
|
2018-07-11 |
2018-09-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system. |
|
7 |
CVE-2018-11002 |
427 |
|
|
2018-11-29 |
2018-12-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. |
|
8 |
CVE-2018-7799 |
427 |
|
Exec Code |
2018-11-02 |
2018-12-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. |
|
9 |
CVE-2018-5457 |
427 |
|
|
2018-02-06 |
2018-03-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application. |
|
10 |
CVE-2018-5238 |
427 |
|
|
2018-08-22 |
2018-11-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. |
|
11 |
CVE-2017-14029 |
427 |
|
|
2017-11-06 |
2017-11-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. |
|
12 |
CVE-2017-14020 |
427 |
|
|
2017-11-13 |
2018-07-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. |
|
13 |
CVE-2017-14017 |
427 |
|
Exec Code |
2017-10-19 |
2017-11-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file. |
|
14 |
CVE-2017-14010 |
427 |
|
Exec Code |
2018-04-26 |
2018-06-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. |
|
15 |
CVE-2017-13993 |
427 |
|
Exec Code |
2017-10-04 |
2017-11-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. |
|
16 |
CVE-2017-12717 |
427 |
|
Exec Code |
2017-08-30 |
2017-09-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. |
|
17 |
CVE-2017-12314 |
427 |
|
|
2017-11-16 |
2017-12-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCvf37955. |
|
18 |
CVE-2017-9661 |
427 |
|
Exec Code |
2017-08-14 |
2017-08-23 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code. |
|
19 |
CVE-2017-9648 |
427 |
|
Exec Code |
2017-08-14 |
2017-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file. |
|
20 |
CVE-2017-9646 |
427 |
|
Exec Code |
2017-08-14 |
2017-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file. |
|
21 |
CVE-2017-6051 |
427 |
|
Exec Code |
2017-05-08 |
2017-05-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. |
|
22 |
CVE-2017-6033 |
427 |
|
|
2017-04-07 |
2017-04-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path. |
|
23 |
CVE-2017-5175 |
427 |
|
Exec Code |
2018-05-09 |
2018-06-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. |
|
24 |
CVE-2017-5170 |
427 |
|
|
2018-01-18 |
2018-02-06 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. |
|
25 |
CVE-2017-5161 |
427 |
|
|
2017-02-13 |
2017-03-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. |
|
26 |
CVE-2017-5147 |
427 |
|
|
2017-09-08 |
2017-09-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. |
|
27 |
CVE-2017-4987 |
427 |
|
Exec Code |
2017-06-19 |
2017-06-29 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability. |
|
28 |
CVE-2017-2288 |
427 |
|
+Priv |
2017-08-02 |
2017-08-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
29 |
CVE-2017-2287 |
427 |
|
+Priv |
2017-08-02 |
2017-08-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
30 |
CVE-2017-2286 |
427 |
|
+Priv |
2017-08-02 |
2017-08-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
31 |
CVE-2017-2210 |
427 |
|
+Priv |
2017-06-09 |
2017-06-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
32 |
CVE-2016-4526 |
427 |
|
+Priv |
2016-09-18 |
2016-11-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. |
|
33 |
CVE-2014-8393 |
427 |
|
|
2017-08-28 |
2018-10-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. |
