92 matches found
CVE-ubuntu-server-24.04
CVE-2026-XXXX: Apport ExecutablePath Spoofing Zero-day vuln...
CVE-2016-20057 NETGATE Registry Cleaner build 16.0.205 Unquoted Service Path Privilege Escalation
NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart ...
GHSA-W48F-WWWF-F5FR pyLoad: Improper Neutralization of Special Elements used in an OS Command
Summary The ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only applied to core config options, not to plugin config options. The AntiVirus plugin stores an...
Electron 代码问题漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There were code-related vulnerabilities in...
CVE-2025-41368
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...
CVE-2025-41368 Multiple vulnerabilities in Small HTTP server by Smallsrv
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...
GreenShot 代码问题漏洞
GreenShot is a lightweight screenshot software tool for Windows developed by GreenShot Inc. Versions of Greenshot 1.3.312 and earlier contained a code vulnerability that stemmed from an insecure search path for executable files. This vulnerability could allow local attackers to execute arbitrary...
CVE-2020-37099
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious...
CVE-2020-37099
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration (C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe), enabling local attackers to inject malicious executables and escalate privileges. Affected component: the Disk Savvy service. Root c...
PT-2026-5576
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:Program FilesVeritasNetBackupbinbpinetd.exe to inject malicious code that would...
CVE-2020-37020
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
CVE-2020-36975 EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path
EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\ES60RPB.EXE' to...
EUVD-2026-4633
KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\ServiceKMS.exe to inject malicious executables and...
EUVD-2026-3619
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files \WINPAKPRO\ScheduleService Service.exe' to inject malicious code...
EUVD-2026-3643
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate...
CVE-2021-47810
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES X86\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and...
CVE-2021-47809 Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path
Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inject...
CVE-2020-36927 DiskPulse 13.6.14 - Unquoted Service Path
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject...
CVE-2022-50928 Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path
BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject...
CVE-2019-11528
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...