1070 matches found
CVE-2025-66575
VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...
CVE-2025-66575 VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution
VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...
CVE-2025-66575 VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution
VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...
PT-2025-49151
Name of the Vulnerable Software and Affected Versions VeeVPN version 1.6.1 Description VeeVPN version 1.6.1 has an issue with an unquoted service path in the VeePNService. This allows remote attackers to potentially run code when the system starts or restarts, gaining higher privileges. An attack...
CVE-2025-20774
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796...
CVE-2025-66266
The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...
CVE-2025-13051
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...
CVE-2025-13051
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...
CVE-2025-13051 Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...
CVE-2025-13051
CVE-2025-13051 affects ABP (2.0–2.0.7.9050) and AES (1.0–1.0.6.8290). The vulnerability arises when the service runs from a directory writable by non-admin users, allowing an attacker to replace or plant a DLL with the same name as one loaded by the service. On service restart, the malicious DLL ...
CVE-2025-13051 Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...
PT-2025-47421
Name of the Vulnerable Software and Affected Versions ABP versions 2.0 through 2.0.7.9050 AES versions 1.0 through 1.0.6.8290 Description The services of ABP and AES, when installed in a directory accessible for writing by non-administrative users, are susceptible to DLL hijacking. An attacker ca...
PT-2025-46455
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A double free condition exists in Windows Smart Card. This allows an authorized attacker to gain elevated privileges on a local system. Recommendations At the moment, there is no information...
CVE-2025-58423
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...
CVE-2025-58423
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...
CVE-2025-58423 Advantech DeviceOn/iEdge Path Traversal
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...
PT-2025-45389
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists due to inadequate input sanitization when processing configuration files. An attacker can upload a crafted configuration file to cause a denial-of-service condition, traverse directorie...
CVE-2025-60320
memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service memoQauhlp101. The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to escalate privileges to...
EUVD-2020-27049
Malware in sbrugna...
EUVD-2016-5307
Malware in sbrugna...