VYPR

CWE-426

Untrusted Search Path

BaseStableLikelihood: High

Description

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-38

CVEs mapped to this weakness (355)

page 3 of 18
  • CVE-2024-7886HigAug 16, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a…

  • CVE-2018-6700HigSep 24, 2018
    risk 0.51cvss 7.8epss 0.01

    DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.

  • CVE-2018-0649HigSep 7, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an…

  • CVE-2018-0648HigSep 7, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0624HigSep 7, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series…

  • CVE-2018-0623HigSep 7, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series…

  • CVE-2018-0656HigSep 4, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-5003HigAug 29, 2018
    risk 0.51cvss 7.8epss 0.05

    Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2018-0621HigJul 26, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0620HigJul 26, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0619HigJul 26, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-13133HigJul 4, 2018
    risk 0.51cvss 7.8epss 0.00

    Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows.

  • CVE-2018-13102HigJul 3, 2018
    risk 0.51cvss 7.8epss 0.01

    AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.

  • CVE-2018-0609HigJun 26, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0601HigJun 26, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0600HigJun 26, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0599HigJun 26, 2018
    risk 0.51cvss 7.8epss 0.05

    Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0598HigJun 26, 2018
    risk 0.51cvss 7.8epss 0.09

    Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0597HigJun 26, 2018
    risk 0.51cvss 7.8epss 0.05

    Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0596HigJun 26, 2018
    risk 0.51cvss 7.8epss 0.05

    Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.