EUVD-2017-18930

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

CVE-2016-20025

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

CVE-2016-20024

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

PT-2026-25736

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

Wowza Media Systems Wowza Streaming Engine 安全漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable, and scalable media server software developed by Wowza Media Systems. It enables reliable streaming of high-quality video and audio to any device. Version 4.5.0 of Wowza Streaming Engine contains a security vulnerability cause...

CVE-2017-20218

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

CVE-2016-20025

CVE-2016-20025 affects ZKTeco ZKAccess Professional 3.5.3. The issue is an insecure file-permissions vulnerability where the Modify permission granted to the Authenticated Users group lets authenticated users replace executable binaries, enabling privilege escalation. Documented impact includes p...

CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

CVE-2025-68623

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

CVE-2025-68623

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

CVE-2025-68623

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

CVE-2019-25344

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

CVE-2019-25344 MobileGo 8.5.0 - Insecure File Permissions

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

KeepSolid VPN Unlimited 代码问题漏洞

KeepSolid VPN Unlimited is a VPN proxy software developed by the American company KeepSolid. Version 6.1 of KeepSolid VPN Unlimited contains a code vulnerability. This vulnerability stems from an unquoted service path vulnerability. Attackers can exploit this vulnerability by replacing the servic...

CVE-2022-50931

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3clientwin32.exe with custom files to potentially gain SYSTEM or Administrator-level access...

CVE-2022-50931 TeamSpeak 3.5.6 - Insecure File Permissions

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3clientwin32.exe with custom files to potentially gain SYSTEM or Administrator-level access...

TDM Digital Signage PC Player 安全漏洞

TDM Digital Signage PC Player is a specialized playback terminal software from the Dutch company TDM Digital Signage. A security vulnerability exists in TDM Digital Signage PC Player version 4.1.0.4, which stems from an elevation of privilege vulnerability that could result in replacing executabl...

CVE-2019-25245

Ross Video DashBoard 8.5.1 has an elevation-of-privileges vulnerability where authenticated users can replace the DashBoard.exe binary due to improper permissions. The issue arises from the ability of the M/C flags for the Authenticated Users group to modify executables, enabling a local attacker...

CVE-2019-25245 Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions

Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a...

CVE-2025-14305 Acer｜ListCheck.exe - Local Privilege Escalation

ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated local attackers can replace ListCheck.exe with a malicious executable of the same name, which will be executed by the system and result in privilege escalation...