Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2019-1010100 7.8 HIGH EPSS 0.00

Akeo Consulting Rufus <3.0 - RCE

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.

CWE-427 Jul 19, 2019

CVE-2019-7956 7.8 HIGH EPSS 0.01

Adobe Dreamweaver <19.0 - DLL Hijacking

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

CWE-427 Jul 18, 2019

CVE-2019-6825 7.8 HIGH EPSS 0.00

ProClima <8.0.0 - Code Injection

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.

CWE-427 Jul 15, 2019

CVE-2019-5629 7.8 HIGH EPSS 0.00

Rapid7 Insight Agent < 2.6.3 - Uncontrolled Search Path

Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.

CWE-427 Jul 13, 2019

CVE-2019-12575 7.8 HIGH 1 Writeup EPSS 0.00

Londontrustmedia Private Internet Acc... - Uncontrolled Search Path

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The root_runner.64 binary is setuid root. This binary executes /opt/pia/ruby/64/ruby, which in turn attempts to load several libraries under /tmp/ruby-deploy.old/lib. A local unprivileged user can create a malicious library under this path to execute arbitrary code as the root user.

CWE-427 Jul 11, 2019

CVE-2019-1855 7.3 HIGH EPSS 0.01

Cisco Jabber for Windows - Local Privilege Escalation

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.

CWE-427 Jul 04, 2019

CVE-2019-5443 7.8 HIGH EPSS 0.01

curl <=7.65.1 - Code Injection

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

CWE-427 Jul 02, 2019

CVE-2019-12280 7.8 HIGH EPSS 0.01

PC-Doctor Toolbox <7.3 - Buffer Overflow

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

CWE-427 Jun 25, 2019

CVE-2019-12572 7.8 HIGH 1 Writeup EPSS 0.00

Londontrustmedia Private Internet Access - Uncontrolled Search Path

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\Private Internet Access\libeay32.dll. This library attempts to load the C:\etc\ssl\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\. A low privileged user can create a C:\etc\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts.

CWE-427 Jun 21, 2019

CVE-2019-12133 7.8 HIGH 1 Writeup EPSS 0.00

Multiple Zoho ManageEngine products - Privilege Escalation

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.

CWE-427 Jun 18, 2019

CVE-2019-5245 5.3 MEDIUM EPSS 0.00

HiSuite <9.1.0.300 - Code Injection

HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code.

CWE-427 Jun 13, 2019

CVE-2019-12177 7.8 HIGH EPSS 0.00

ViveportDesktopService <1.0.0.36 - Privilege Escalation

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.

CWE-427 Jun 03, 2019

CVE-2019-7093 7.8 HIGH EPSS 0.01

Creative Cloud Desktop App <4.7.0.400 - Privilege Escalation

Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

CWE-427 May 24, 2019

CVE-2018-7840 7.8 HIGH EPSS 0.00

VideoXpert OpsCenter <3.1 - Buffer Overflow

A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL.

CWE-427 May 22, 2019

CVE-2019-11644 7.8 HIGH EPSS 0.00

F-Secure <17.6 - Privilege Escalation

In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.

CWE-427 May 17, 2019

CVE-2019-5526 7.8 HIGH EXPLOITED 1 PoC Analysis EPSS 0.13

Vmware Workstation < 15.1.0 - Uncontrolled Search Path

VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.

CWE-427 May 15, 2019

CVE-2019-5676 6.7 MEDIUM EPSS 0.00

Nvidia Gpu Display Driver < 412.36 - Uncontrolled Search Path

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.

CWE-427 May 10, 2019

CVE-2019-6564 7.8 HIGH EPSS 0.00

GE Communicator < 4.0.517 - Uncontrolled Search Path

GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.

CWE-427 May 09, 2019

CVE-2019-6546 7.8 HIGH EPSS 0.00

GE Communicator < 4.0.517 - Uncontrolled Search Path

GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.

CWE-427 May 09, 2019

CVE-2019-1794 5.1 MEDIUM EPSS 0.00

Cisco Meeting Server - Uncontrolled Search Path

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.

CWE-427 Apr 18, 2019

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps