CVE & Exploit Intelligence Database

CVE-2020-26894 7.8 HIGH EPSS 0.00

LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the folder of the current application and run the malicious "cmd.exe".

CWE-427 Oct 08, 2020

CVE-2020-3535 7.8 HIGH EPSS 0.00

A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account.

CWE-427 Oct 08, 2020

CVE-2020-24356 6.4 MEDIUM EPSS 0.00

`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue.

CWE-427 Oct 02, 2020

CVE-2020-26538 7.8 HIGH EPSS 0.00

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.

CWE-427 Oct 02, 2020

CVE-2020-15663 8.8 HIGH EPSS 0.02

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.

CWE-427 Oct 01, 2020

CVE-2020-6654 7.8 HIGH EPSS 0.00

A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.

CWE-427 Sep 30, 2020

CVE-2020-3979 7.8 HIGH EPSS 0.00

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.

CWE-427 Sep 18, 2020

CVE-2020-7358 5.8 MEDIUM EPSS 0.00

In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name.

CWE-427 Sep 18, 2020

CVE-2020-7312 7.8 HIGH EPSS 0.00

DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

CWE-427 Sep 10, 2020

CVE-2019-3881 7.8 HIGH EPSS 0.00

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.

CWE-427 Sep 04, 2020

CVE-2020-24162 7.8 HIGH EPSS 0.00

The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.

CWE-427 Sep 03, 2020

CVE-2020-24161 7.8 HIGH EPSS 0.00

Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.

CWE-427 Sep 03, 2020

CVE-2020-24160 7.8 HIGH EPSS 0.00

Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.

CWE-427 Sep 03, 2020

CVE-2020-24159 7.8 HIGH EPSS 0.00

NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0.

CWE-427 Sep 03, 2020

CVE-2020-24158 7.8 HIGH EPSS 0.00

360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology.

CWE-427 Sep 03, 2020

CVE-2020-25045 7.8 HIGH EPSS 0.00

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.

CWE-427 Sep 02, 2020

CVE-2020-15167 8.2 HIGH EPSS 0.00

In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.

CWE-427 Sep 02, 2020

CVE-2020-5419 6.7 MEDIUM EPSS 0.00

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.

CWE-427 Aug 31, 2020

CVE-2020-14349 7.1 HIGH EPSS 0.02

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.

CWE-427 Aug 24, 2020

CVE-2020-9724 7.8 HIGH EPSS 0.01

Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation.

CWE-427 Aug 19, 2020