Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,175 vulnerabilities with CWE-427

CVE-2018-7799 HIGH

Schneider Electric SESU <V2.2.0 - Code Injection

CVE-2018-14812 HIGH

Fuji Electric Energy Savings Estimator <V.1.0.2.0 - DLL Hijacking

CVE-2018-15976 HIGH

Adobe Technical Communications Suite < 1.0.5.1 - Uncontrolled Search Path Element

CVE-2018-11072 HIGH

Dell Digital Delivery < 3.5.1 - Authenticated DLL Injection

CVE-2018-12163 MEDIUM

Intel IoT Developers Kit 4.0 - Privilege Escalation

CVE-2018-12160 MEDIUM

Intel Data Center Migration Center Software <3.1 - Code Injection

CVE-2018-13806 HIGH

SIEMENS TD Keypad Designer - DLL Hijacking via Project File Directory

CVE-2018-14797 HIGH

Emerson DeltaV DCS <14 - Code Injection

CVE-2018-5238 HIGH

Norton Power Eraser <5.3.0.24 & SymDiag <2.1.242 - DLL Preloading

CVE-2018-5235 MEDIUM

Norton Utilities <16.0.3.44 - Code Injection

CVE-2018-8090 HIGH

Quick Heal Various - Buffer Overflow

CVE-2018-12805 CRITICAL

Adobe Connect <9.7.5 - Privilege Escalation

CVE-2018-11049 HIGH

RSA Identity Governance and Lifecycle - Uncontrolled Search Path Element via Environment Variable Manipulation

CVE-2018-1000622 HIGH

Rust Programming Language rustdoc <1.27.0 - RCE

CVE-2018-4938 HIGH

Adobe ColdFusion - Local Privilege Escalation via Insecure Library Loading

CVE-2018-3649 HIGH

Intel Wireless Drivers < 20.20.2.2 - DLL Injection via Autorun.exe and Setup.exe

CVE-2018-6766 HIGH

Swisscom TVMediaHelper 1.1.0.50 - Unauthenticated Remote Code Execution via DLL Hijacking

CVE-2018-6765 HIGH

Swisscom MySwisscomAssistant 2.17.1.1065 - Unauthenticated Remote Code Execution via DLL Hijacking

CVE-2018-5457 HIGH

Vyaire Medical CareFusion Upgrade Utility <2.0.2.2 - Code Injection

CVE-2017-20123 HIGH

Viscosity <1.6.8 - Untrusted Search Path

CVE-2017-20052 MEDIUM

Python 2.7.13 - Uncontrolled Search Path

CVE-2017-20051 MEDIUM

InnoSetup Installer - Path Traversal

CVE-2017-20018 MEDIUM

XAMPP 7.1.1-0-VC14 - Privilege Escalation

CVE-2017-7836 HIGH

Firefox < 57 - Privilege Escalation via Pingsender Dynamic Library Loading

CVE-2017-5175 HIGH

Advantech WebAccess <8.1 - Code Injection

Previous Page 45 of 47 Next

Details

Vulnerabilities 1,175

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy