Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6306 | 1 Kaspersky | 1 Password Manager | 2018-05-22 | 6.8 MEDIUM | 7.8 HIGH |
| Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | |||||
| CVE-2018-0561 | 1 Securebrain | 1 Phishwall | 2018-05-21 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0562 | 1 Coderium | 1 Soundengine | 2018-05-21 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0552 | 1 Securebrain | 1 Phishwall Client | 2018-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0540 | 1 Vix Project | 1 Vix | 2018-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0544 | 1 Woodybells | 1 Winshot | 2018-03-26 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0543 | 1 Woodybells | 1 Jtrim | 2018-03-26 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-7239 | 1 Schneider-electric | 13 Atv12 Dtm, Atv212 Dtm, Atv312 Dtm and 10 more | 2018-03-26 | 6.8 MEDIUM | 7.8 HIGH |
| A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. | |||||
| CVE-2018-7484 | 1 Purevpn | 1 Purevpn | 2018-03-17 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking. | |||||
| CVE-2018-0515 | 1 Flets | 1 Azukeru Backup Tool | 2018-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0516 | 1 Flets | 1 Address Selection Tool | 2018-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-6461 | 2 March-hare, Microsoft | 2 Wincvs, Windows | 2018-03-13 | 9.3 HIGH | 7.8 HIGH |
| March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. | |||||
| CVE-2017-1711 | 1 Ibm | 2 Client Application Access, Notes | 2018-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532. | |||||
| CVE-2018-0517 | 1 Kddi | 1 Anshin Net Security | 2018-03-10 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2252 | 1 Sourcenext | 1 File Compact | 2018-02-17 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-6318 | 1 Sophos | 1 Sophos Tester | 2018-02-15 | 9.3 HIGH | 7.8 HIGH |
| In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack. | |||||
| CVE-2018-0507 | 1 Ntt-east | 2 Flet\'s Virus Clear Easy Setup \& Application Tool, Flet\'s Virus Clear V6 Easy Setup \& Application Tool | 2018-02-13 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-6475 | 1 Superantispyware | 1 Superantispyware | 2018-02-13 | 9.3 HIGH | 7.8 HIGH |
| In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | |||||
| CVE-2017-5696 | 1 Intel | 1 Graphics Driver | 2018-02-07 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access. | |||||
| CVE-2017-7327 | 1 Yandex | 1 Yandex Browser | 2018-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll. | |||||