Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,175 vulnerabilities with CWE-427

CVE-2017-14010 HIGH

SpiderControl MicroBrowser <1.6.30.144 - Code Injection

CVE-2017-5170 HIGH

Moxa SoftNVR-IA Live Viewer <3.30.3122 - DLL Hijacking

CVE-2017-16777 HIGH

HashiCorp Vagrant VMware Fusion <5.0.3 - Privilege Escalation

CVE-2017-12314 HIGH

Cisco FindIT Network Discovery Utility - DLL Preloading

CVE-2017-12313 MEDIUM

Cisco Network Academy Packet Tracer - Code Injection

CVE-2017-14020 HIGH

AutomationDirect CLICK Programming Software <= 2.10 - Uncontrolled Search Path Element

CVE-2017-14029 HIGH

Trihedral VTScada <11.3.03 - Code Injection

CVE-2017-14017 HIGH

Progea Movicon <11.5.1181 - Code Injection

CVE-2017-12579 HIGH

HashiCorp Vagrant VMware Fusion < 4.0.24 - Unauthenticated Privilege Escalation via SUID Wrapper Binary

CVE-2017-12266 MEDIUM

Cisco Meeting App - Privilege Escalation

CVE-2017-13993 HIGH

i-SENS SmartLog Diabetes Management Software <2.4.0 - Code Injection

CVE-2017-5147 MEDIUM

AzeoTech DAQFactory <17.1 - Uncontrolled Search Path Element

CVE-2017-11158 HIGH

Synology Cloud Station Drive < 4.2.5-4396 - Untrusted Search Path via DLL Hijacking

CVE-2017-12717 HIGH

Advantech WebAccess < 8.2 - Uncontrolled Search Path Element

CVE-2017-11159 HIGH

Synology Photo Station Uploader < 1.4.2-084 - Untrusted Search Path via DLL Hijacking

CVE-2017-13130 HIGH

BMC Patrol - Uncontrolled Search Path Element via libmcmclnx.so

CVE-2017-6329 HIGH

Symantec VIP Access for Desktop < 2.2.4 - DLL Pre-Loading via Uncontrolled Search Path

CVE-2017-9661 HIGH

SIMPlight SCADA <4.3.0.27 - Code Injection

CVE-2017-9648 HIGH

Solar Controls WATTConfig M <2.5.10.1 - Code Injection

CVE-2017-9646 HIGH

Solar Controls HCDownloader <1.0.1.15 - Code Injection

CVE-2017-12653 HIGH

360 Total Security < 9.0.0.1202 - Privilege Escalation via Shcore.dll Path Hijacking

CVE-2017-2288 HIGH

LhaForge <1.6.5 - Privilege Escalation

CVE-2017-2287 HIGH

NFC Port Software remover <1.3.0.1 - Privilege Escalation

CVE-2017-2286 HIGH

NFC Port Software <5.5.0.6 - Privilege Escalation

CVE-2017-1000010 HIGH

Audacity 2.1.2-2.3.2 - Uncontrolled Search Path Element via avformat-55.dll

Previous Page 46 of 47 Next

Details

Vulnerabilities 1,175

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy