Total
561 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2233 | 1 Moj | 1 Pdf Digital Signature | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2252 | 1 Sourcenext | 1 File Compact | 2025-04-20 | N/A |
| Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2267 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2025-04-20 | N/A |
| Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2268 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-10821 | 1 Enecho.meti | 1 Shin Kikan Toukei Houkoku Data Nyuryokuyou Program | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-11157 | 2 Microsoft, Synology | 2 Windows, Cloud Station Backup | 2025-04-20 | N/A |
| Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | ||||
| CVE-2017-2108 | 1 Softbank | 1 Primedrive Desktop Application | 2025-04-20 | N/A |
| Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2014-8358 | 1 Huawei | 6 Ec156, Ec156 Firmware, Ec176 and 3 more | 2025-04-20 | N/A |
| Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe. | ||||
| CVE-2017-2149 | 1 Toshiba | 1 Flashair | 2025-04-20 | N/A |
| Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-3291 | 4 Debian, Mariadb, Oracle and 1 more | 11 Debian Linux, Mariadb, Mysql and 8 more | 2025-04-20 | 6.3 Medium |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). | ||||
| CVE-2017-2157 | 1 Jpki | 1 The Public Certification Service For Individuals | 2025-04-20 | N/A |
| Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)", The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-3511 | 2 Oracle, Redhat | 7 Jdk, Jre, Jrockit and 4 more | 2025-04-20 | N/A |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2017-2189 | 1 Sharp | 1 Rw-4040 | 2025-04-20 | N/A |
| Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2016-4901 | 1 National Tax Agency | 1 E-tax | 2025-04-20 | N/A |
| Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2016-7804 | 1 7-zip | 1 7-zip | 2025-04-20 | N/A |
| Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2016-7838 | 1 Winsparkle | 1 Winsparkle | 2025-04-20 | N/A |
| Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | ||||
| CVE-2017-2209 | 1 Santeikohyo | 1 Installer Of Houkokusyo Sakusei Shien Tool | 2025-04-20 | N/A |
| Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2016-8746 | 1 Apache | 1 Ranger | 2025-04-20 | N/A |
| Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. | ||||
| CVE-2017-4939 | 1 Vmware | 1 Workstation | 2025-04-20 | N/A |
| VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. | ||||
| CVE-2016-1417 | 1 Snort | 1 Snort | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed. | ||||