CWE-426
Untrusted Search Path
Description
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-38
CVEs mapped to this weakness (355)
page 7 of 18| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12252 | Hig | 0.51 | 7.8 | 0.00 | Sep 21, 2017 | A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application… | ||
| CVE-2017-10860 | Hig | 0.51 | 7.8 | 0.02 | Sep 15, 2017 | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | ||
| CVE-2017-10859 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2017 | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10858 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2017 | Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10855 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2017 | Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10851 | Hig | 0.51 | 7.8 | 0.01 | Sep 1, 2017 | Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10850 | Hig | 0.51 | 7.8 | 0.01 | Sep 1, 2017 | Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature… | ||
| CVE-2017-10849 | Hig | 0.51 | 7.8 | 0.01 | Sep 1, 2017 | Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10848 | Hig | 0.51 | 7.8 | 0.01 | Sep 1, 2017 | Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10829 | Hig | 0.51 | 7.8 | 0.01 | Sep 1, 2017 | Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-11158 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2017 | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or… | ||
| CVE-2017-11157 | Hig | 0.51 | 7.8 | 0.00 | Aug 30, 2017 | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll… | ||
| CVE-2017-2242 | Hig | 0.51 | 7.8 | 0.01 | Aug 29, 2017 | Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10836 | Hig | 0.51 | 7.8 | 0.01 | Aug 29, 2017 | Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10831 | Hig | 0.51 | 7.8 | 0.01 | Aug 29, 2017 | Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10830 | Hig | 0.51 | 7.8 | 0.01 | Aug 29, 2017 | Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10828 | Hig | 0.51 | 7.8 | 0.01 | Aug 29, 2017 | Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10827 | Hig | 0.51 | 7.8 | 0.01 | Aug 29, 2017 | Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10826 | Hig | 0.51 | 7.8 | 0.01 | Aug 29, 2017 | Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-10812 | Hig | 0.51 | 7.8 | 0.01 | Aug 29, 2017 | Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application…
- risk 0.51cvss 7.8epss 0.02
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature…
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.00
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or…
- risk 0.51cvss 7.8epss 0.00
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll…
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.