1053 matches found
CVE-2026-4606
GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...
EUVD-2019-19957
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...
CVE-2019-25608
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...
CVE-2019-25608 Iperius Backup 6.1.0 Privilege Escalation via Backup Job
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...
CVE-2019-25608
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...
PT-2026-26996
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...
CVE-2026-30834
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery SSRF vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs,...
CVE-2020-37192
MSN Password Recovery 1.30 is affected by an XML External Entity (XXE) vulnerability that allows a local attacker to read local system files by supplying crafted XML input. The attack targets the Favorites tab via XML references to external entities, exposing sensitive configuration information. ...
CVE-2019-25307
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges...
CVE-2019-25309
The CVE-2019-25309 entry concerns Zilab Remote Console Server 3.2.9, which contains an unquoted service path vulnerability . This enables local attackers to potentially execute arbitrary code with elevated privileges by injecting a malicious executable into the unquoted binary path used by the se...
CVE-2019-25308
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. The unquoted path allows an attacker to place executables in specific path locations and execute with LocalSystem privileges. Affected component: Mikogo-Service on Windows with...
CVE-2019-25308
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...
CVE-2019-25307 WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges...
CVE-2019-25307
CVE-2019-25307 : WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration, allowing local attackers to potentially execute arbitrary code. The issue arises from an unquoted binary path, enabling an attacker to inject a malicious executable that can ...
CVE-2019-25307
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges...
PT-2026-7602
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges...
Mikogo 代码问题漏洞
Mikogo is a desktop sharing and web conferencing software developed by the German company Mikogo. Version Mikogo 5.2.2.150317 contains a code vulnerability. This vulnerability stems from the Windows service configuration of Mikogo-Service, where a service path without quotes was used. This could...
CVE-2019-25305
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions...
EUVD-2019-19408
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions...
CVE-2019-25305 JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions...