CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

CVE-2020-37247 Kite 4.2.0.1 U1 Unquoted Service Path Privilege Escalation

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem...

CVE-2020-37232 Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...

Cybertron Privacy Drive 代码问题漏洞

Cybertron Privacy Drive is a security software from Cybertron Corporation that supports disk encryption, creation of virtual encrypted volumes, and protection of privacy data. Version 3.17.0 of Cybertron Privacy Drive has a code vulnerability. This vulnerability stems from an unreferenced service...

CVE-2016-20059

IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the...

CVE-2016-20058

CVE-2016-20058 affects Netgate AMITI Antivirus build 23.0.305, where an unquoted service path in the AmitiAvSrv and AmitiAntivirusHealth services allows a local attacker to escalate privileges. By placing a malicious executable in the unquoted path, triggering a service restart or system reboot e...

CVE-2016-20057

NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart ...

CVE-2016-20056

CVE-2016-20056 affects Spy Emergency build 23.0.205. An unquoted service path exists in the SpyEmrgHealth and SpyEmrgSrv services, enabling local privilege escalation by placing malicious executables in the service path. Triggering a service restart or system reboot would execute code with LocalS...

CVE-2019-25308 Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

PT-2026-7603

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

CVE-2019-25305

JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions...

CVE-2019-25305

CVE-2019-25305 affects JumpStart 0.6.0.0 and involves an unquoted service path vulnerability in the jswpbapi service that runs with LocalSystem privileges. The unquoted path containing spaces can be exploited to inject and execute malicious code with elevated system permissions. Multiple connecte...

CVE-2019-25281

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that...

Photodex ProShow Producer 代码问题漏洞

Photodex ProShow Producer is a video and image slideshow production software developed by the American company Photodex. Version 9.0.3797 of Photodex ProShow Producer contains a code vulnerability. This vulnerability stems from a service path in the ScsiAccess service that lacks quotation marks,...

CVE-2019-25274

The CVE-2019-25274 entry concerns ProShow Producer 9.0.3797, which contains an unquoted service path in the ScsiAccess service that can allow local attackers to execute arbitrary code with LocalSystem privileges during service startup. The vulnerability is rooted in how the service binary path is...

CVE-2019-25274 ProShow Producer 9.0.3797 - Unquoted Service Path

ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during...

CVE-2019-25274 ProShow Producer 9.0.3797 - Unquoted Service Path

ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during...

CVE-2019-25271

CVE-2019-25271 – NETGATE Data Backup 3.0.620 suffers an unquoted service path vulnerability in the NGDatBckpSrv Windows service configuration. The unquoted path can be exploited to inject and execute code with LocalSystem privileges by placing executables in specific directory locations. This mir...

CVE-2019-25269

Amiti Antivirus 25.0.640 is affected by an unquoted service path vulnerability in its Windows service configurations. The underlying issue allows attackers to place executables in specific directories to gain elevated LocalSystem privileges, leading to code execution through the unquoted path. Do...