943 matches found
CVE-2019-25266 Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory...
CVE-2019-25266
Wundersoft Wondershare Application Framework Service 2.4.3.231 is affected by an unquoted service path vulnerability that can let local attackers execute arbitrary code with elevated privileges by placing a malicious executable in specific directories to hijack the service’s execution context. Af...
PT-2026-6733
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory...
CVE-2025-10314 Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files EXE or DLLs in the installation directory with specially...
PT-2026-5870
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 through 8.0.2 Description A flaw exists in default permissions within the software that could allow a local attacker to execute code with system privileges. This is...
CVE-2019-25283
CVE-2019-25283 affects Shrew Soft VPN Client 2.2.2. The vulnerability is an unquoted service path that allows local attackers to execute arbitrary code with elevated privileges during service startup or system reboot. The root cause is the unquoted service path, enabling code execution if a malic...
CVE-2020-37100
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...
CVE-2019-25261 AnyDesk 5.4.0 - Unquoted Service Path
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
CVE-2019-25261
AnyDesk 5.4.0 on Windows is affected by an unquoted service path vulnerability in its Windows service configuration. The unquoted binary path allows a local attacker to place a malicious executable in a service executable location, potentially enabling elevated privileges. The information provide...
CVE-2019-25261 AnyDesk 5.4.0 - Unquoted Service Path
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
Overview Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-10314 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this...
PT-2026-5798
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...
PT-2026-5847
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with...
PT-2026-5849
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...
CVE-2020-37063
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSyst...
CVE-2020-37062
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts...
CVE-2020-37055 SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access...
EUVD-2020-30955
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...
CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP i...
CVE-2020-36991
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain...