Vulnerabilities (CVE)

Filtered by CWE-426
Total 553 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2207 1 Saat 1 Personal 2025-04-20 6.8 MEDIUM 8.8 HIGH
Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-6798 1 Trendmicro 1 Endpoint Sensor 2025-04-20 9.3 HIGH 7.8 HIGH
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.
CVE-2016-1417 1 Snort 1 Snort 2025-04-20 6.8 MEDIUM 8.8 HIGH
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.
CVE-2017-5235 1 Rapid7 1 Metasploit 2025-04-20 6.8 MEDIUM 7.8 HIGH
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
CVE-2017-2265 1 Resume-next 1 Filecapsule Deluxe Portable 2025-04-20 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10830 1 Ntt 1 Security Setup Tool 2025-04-20 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2193 1 Tera Term Project 1 Tera Term 2025-04-20 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10887 2 Bookwalker, Microsoft 2 Book Walker, Windows 2025-04-20 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2156 1 Vivaldi 1 Vivaldi Installer For Windows 2025-04-20 6.8 MEDIUM 7.8 HIGH
Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
CVE-2016-8746 1 Apache 1 Ranger 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
CVE-2017-2206 1 Saat 1 Netizen 2025-04-20 6.8 MEDIUM 8.8 HIGH
Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10836 1 Optim 1 Optimal Guard 2025-04-20 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2016-7838 1 Winsparkle 1 Winsparkle 2025-04-20 6.8 MEDIUM 7.8 HIGH
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
CVE-2014-8358 1 Huawei 6 Ec156, Ec156 Firmware, Ec176 and 3 more 2025-04-20 9.3 HIGH 7.8 HIGH
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.
CVE-2017-5234 1 Rapid7 1 Insight Collector 2025-04-20 6.8 MEDIUM 7.8 HIGH
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
CVE-2017-2157 1 Jpki 1 The Public Certification Service For Individuals 2025-04-20 4.4 MEDIUM 7.3 HIGH
Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)", The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10885 1 Sbisec 1 Hyper Sbi 2025-04-20 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2267 1 Resume-next 1 Filecapsule Deluxe Portable 2025-04-20 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2227 1 Charamin 1 Omp 2025-04-20 6.8 MEDIUM 7.8 HIGH
Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-10829 1 Ntt 1 Enkaku Support Tool 2025-04-20 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.