Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,172 vulnerabilities with CWE-427

CVE-2020-15663 HIGH

Firefox < 80 and Firefox ESR 68.0-68.11 - Uncontrolled Search Path Element via Updater Rollback

CVE-2020-6654 HIGH

Eaton 9000x Programming and Configuration Software < 2.0.38 - DLL Hijacking via vci11un6.DLL and cinpl.DLL

CVE-2020-3979 HIGH

InstallBuilder for Qt Windows < 20.7.0 - Uncontrolled Search Path Element via Plugin Loading

CVE-2020-7358 MEDIUM

AppSpider < 7.2.126 - Uncontrolled Search Path Element via Executable Placement

CVE-2020-7312 HIGH

McAfee Agent < 5.6.6 - DLL Search Order Hijacking via Installer

CVE-2020-24162 HIGH

Shenzhen Tencent app <5.8.2.5300 - Code Injection

CVE-2020-24161 HIGH

Guangzhou NetEase Mail Master <4.14.1.1004 - Code Injection

CVE-2020-24160 HIGH

Shenzhen Tencent TIM Windows client <3.0.0.21315 - Code Injection

CVE-2020-24159 HIGH

NetEase Youdao Dictionary <8.9.2.0 - Code Injection

CVE-2020-24158 HIGH

360 Speed Browser <12.0.1247.0 - Code Injection

CVE-2020-25045 HIGH

Kaspersky Security Center < 12 - Uncontrolled Search Path Element

CVE-2020-15167 HIGH

Miller 5.9.0 - Unauthenticated Remote Code Execution via Malicious .mlrrc File

CVE-2020-5419 MEDIUM

RabbitMQ <3.8.7 - Local Windows Code Execution via Binary Planting

CVE-2020-14349 HIGH

PostgreSQL 10.0-10.13 - Authenticated SQL Injection via Logical Replication Search Path

CVE-2020-9724 HIGH

Adobe Lightroom <= 9.2.0.10 - Privilege Escalation via Insecure Library Loading

CVE-2020-3433 HIGH KEV

Cisco AnyConnect Secure Mobility Client for Windows - DLL Hijacking

CVE-2020-9767 HIGH

Zoom Sharing Service - Uncontrolled Search Path Element via DLL Loading

CVE-2020-7360 HIGH

Philips SmartControl < 4.3.15 - Authenticated Privilege Escalation via DLL Search Path Hijacking

CVE-2020-8687 HIGH

Intel(R) RSTe Software RAID Driver <4.7.0.1119 - Privilege Escalation

CVE-2020-15596 MEDIUM

HP Elite X2 1012 G1 Firmware - Uncontrolled Search Path

CVE-2020-13177 HIGH

Teradici PCoIP Standard Agent <20.04.1-20.07.0 - Privilege Escalation

CVE-2020-15657 HIGH

Firefox < 79.0 and Firefox ESR < 78.1 - Uncontrolled Search Path Element via DLL Loading

CVE-2020-16143 HIGH

seafile-client 7.0.8 - DLL Hijacking via exchndl.dll Loading

CVE-2020-10610 HIGH

OSIsoft PI System - Privilege Escalation

CVE-2020-15724 HIGH

360 Total Security < 12.1.0.1005 - Local Privilege Escalation via DLL Hijacking

Previous Page 39 of 47 Next

Details

Vulnerabilities 1,172

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy