CWE-426

CVE-2018-6218

February 26, 2023 by

A DLL Hijacking vulnerability in Trend Micro’s User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.

CVE-2018-5003

February 26, 2023 by

Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

CVE-2018-4927

February 26, 2023 by

Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

CVE-2018-21241

February 26, 2023 by

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code.

CVE-2018-19486

February 26, 2023 by

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if ‘.’ were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.