Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,175 vulnerabilities with CWE-427

CVE-2017-3097 CRITICAL

Adobe Digital Editions <= 4.5.4 - Uncontrolled Search Path Element in Installer Plugin

CVE-2017-3092 CRITICAL

Adobe Digital Editions <= 4.5.4 - Uncontrolled Search Path Element in Installer Plugin

CVE-2017-3090 CRITICAL

Adobe Digital Editions <= 4.5.4 - Uncontrolled Search Path Element in Installer Plugin

CVE-2017-4987 HIGH

EMC VNX2 and VNX1 - Authenticated Uncontrolled Search Path Element

CVE-2017-7884 HIGH

apcupsd < 3.14.14 - Authenticated Privilege Escalation via Executable Replacement

CVE-2017-2210 HIGH

PatchJGD 1.0.1 - Privilege Escalation

CVE-2017-7966 HIGH

Schneider Electric SoMachine HVAC Programming Software 2.1.0 - DLL Hijacking

CVE-2017-5176 HIGH

Rockwell Automation CCW <9.01.00 - DLL Hijack

CVE-2017-6051 HIGH

BLF-Tech VisualView HMI <= 9.9.14.0 - Uncontrolled Search Path Element

CVE-2017-3013 HIGH

Adobe Acrobat Reader <= 11.0.19, <= 15.006.30280, <= 15.023.20070 - DLL Hijacking via Insecure Library Loading

CVE-2017-3012 HIGH

Adobe Acrobat and Reader < 11.0.19, < 15.006.30280, < 15.023.20070 - DLL Hijacking in OCR Plugin

CVE-2017-6033 HIGH

Schneider Electric Interactive Graphical SCADA System < 12.0 - DLL Hijacking via Uncontrolled Search Path

CVE-2017-6517 CRITICAL

Microsoft Skype 7.16.0.102 - Unauthenticated Remote Code Execution via DLL Hijacking

CVE-2017-6417 MEDIUM

Avira Free Security Suite < 15.0 - Code Injection via DoubleAgent Attack

CVE-2017-5567 MEDIUM

Avast Free Antivirus < 12.3 - Local Code Injection via DoubleAgent Attack

CVE-2017-5566 MEDIUM

AVG AntiVirus FREE 17.1 and earlier - Code Injection via DoubleAgent Attack

CVE-2017-5565 MEDIUM

Trend Micro Antivirus+ < 11.1.1005 - Code Injection via DoubleAgent

CVE-2017-5161 HIGH

Sielco Sistemi Winlog Lite SCADA Software <3.02.01 - DLL Hijacking

CVE-2016-6592 HIGH

Symantec Norton Download Manager <5.6 - RCE

CVE-2016-5311 HIGH

Symantec Norton and Endpoint Protection < 22.8.0.50 - Privilege Escalation via DLL Preloading

CVE-2016-4526 HIGH

Trane Tracer SC < 4.2.1134 - Uncontrolled Search Path

CVE-2015-1014 HIGH

Schneider Electric OFS <7.40 - Code Injection

CVE-2014-8393 HIGH

CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion - DLL Hijacking

CVE-2013-0725 HIGH

ERDAS ER Viewer 13.0 - Uncontrolled Search Path Element

Opera < 7.54 - Uncontrolled Search Path Element via PORTAGE_TMPDIR

Previous Page 47 of 47

Details

Vulnerabilities 1,175

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy