CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2017(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2017-13779 732 Exec Code +Priv 2017-09-14 2021-06-04
7.2
None Local Low Not required Complete Complete Complete
GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.
52 CVE-2017-13707 269 Exec Code +Priv 2017-08-27 2020-05-28
10.0
None Remote Low Not required Complete Complete Complete
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd.
53 CVE-2017-13681 +Priv 2017-11-06 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.
54 CVE-2017-13130 427 +Priv 2017-08-23 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.
55 CVE-2017-12787 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
56 CVE-2017-12786 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
57 CVE-2017-12785 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
58 CVE-2017-12763 276 +Priv 2017-08-29 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
59 CVE-2017-12733 306 +Priv 2017-09-09 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.
60 CVE-2017-12352 77 Exec Code +Priv 2017-11-30 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-controlled input that is supplied to certain script files of an affected system. An attacker could exploit this vulnerability by submitting crafted input to a script file on an affected system. A successful exploit could allow the attacker to gain elevated privileges and execute arbitrary commands with root privileges on the affected system. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf57274.
61 CVE-2017-12336 20 Exec Code +Priv 2017-11-30 2017-12-15
4.6
None Local Low Not required Partial Partial Partial
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.
62 CVE-2017-12335 77 Exec Code +Priv 2017-11-30 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095.
63 CVE-2017-12330 77 Exec Code +Priv 2017-11-30 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879.
64 CVE-2017-12301 20 Exec Code +Priv 2017-10-19 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198.
65 CVE-2017-12262 665 +Priv 2017-11-02 2019-10-09
5.8
None Local Network Low Not required Partial Partial Partial
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638.
66 CVE-2017-12226 20 +Priv 2017-09-29 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746.
67 CVE-2017-12214 20 +Priv 2017-09-21 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.
68 CVE-2017-12146 362 +Priv 2017-09-08 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
69 CVE-2017-12137 120 +Priv 2017-08-24 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
70 CVE-2017-12136 362 DoS +Priv 2017-08-24 2019-05-06
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
71 CVE-2017-12135 682 DoS +Priv +Info 2017-08-24 2020-04-14
4.6
None Local Low Not required Partial Partial Partial
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
72 CVE-2017-12134 682 DoS +Priv +Info 2017-08-24 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
73 CVE-2017-11742 426 +Priv 2017-07-30 2017-08-09
4.6
None Local Low Not required Partial Partial Partial
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
74 CVE-2017-11657 426 +Priv 2017-08-04 2020-08-19
4.4
None Local Medium Not required Partial Partial Partial
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
75 CVE-2017-11653 732 +Priv 2017-08-18 2021-08-12
4.6
None Local Low Not required Partial Partial Partial
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
76 CVE-2017-11652 732 +Priv 2017-08-18 2021-08-12
4.6
None Local Low Not required Partial Partial Partial
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.
77 CVE-2017-11508 89 +Priv Sql 2017-11-02 2017-11-22
6.5
None Remote Low ??? Partial Partial Partial
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
78 CVE-2017-11473 120 Overflow +Priv 2017-07-20 2021-01-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
79 CVE-2017-11322 78 +Priv 2017-10-03 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
80 CVE-2017-11321 78 +Priv 2017-10-03 2020-10-02
6.5
None Remote Low ??? Partial Partial Partial
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
81 CVE-2017-11319 269 +Priv 2017-12-11 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.
82 CVE-2017-11153 502 +Priv 2017-08-08 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
83 CVE-2017-10914 362 DoS +Priv +Info 2017-07-05 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
84 CVE-2017-10913 +Priv +Info 2017-07-05 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.
85 CVE-2017-10909 426 +Priv 2017-12-22 2018-01-09
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
86 CVE-2017-10893 426 +Priv 2017-12-08 2017-12-20
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
87 CVE-2017-10892 426 +Priv 2017-12-01 2017-12-14
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
88 CVE-2017-10891 426 +Priv 2017-12-01 2017-12-14
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
89 CVE-2017-10887 426 +Priv 2017-11-17 2017-12-04
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
90 CVE-2017-10885 426 +Priv 2017-11-13 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
91 CVE-2017-10865 426 +Priv 2017-10-12 2017-10-20
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863.
92 CVE-2017-10864 426 +Priv 2017-10-12 2017-10-20
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
93 CVE-2017-10863 426 +Priv 2017-10-12 2017-10-20
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865.
94 CVE-2017-10859 426 +Priv 2017-09-15 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
95 CVE-2017-10858 426 +Priv 2017-09-15 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
96 CVE-2017-10855 426 +Priv 2017-09-15 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
97 CVE-2017-10851 426 +Priv 2017-09-01 2017-09-06
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
98 CVE-2017-10850 426 +Priv 2017-09-01 2021-04-23
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
99 CVE-2017-10849 426 +Priv 2017-09-01 2017-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
100 CVE-2017-10848 426 +Priv 2017-09-01 2017-09-06
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Total number of vulnerabilities : 459   Page : 1 2 (This Page)3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.