CVE-2020-37254

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot...

EUVD-2023-60591

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files...

CVE-2021-47985 Brother SAPSprint 7.60 Unquoted Service Path Privilege Escalation

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service...

EUVD-2016-10898

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute...

CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

CVE-2020-37247 Kite 4.2.0.1 U1 Unquoted Service Path Privilege Escalation

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem...

CVE-2020-37232 Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...

Cybertron Privacy Drive 代码问题漏洞

Cybertron Privacy Drive is a security software from Cybertron Corporation that supports disk encryption, creation of virtual encrypted volumes, and protection of privacy data. Version 3.17.0 of Cybertron Privacy Drive has a code vulnerability. This vulnerability stems from an unreferenced service...

CVE-2016-20059

IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the...

CVE-2016-20058

CVE-2016-20058 affects Netgate AMITI Antivirus build 23.0.305, where an unquoted service path in the AmitiAvSrv and AmitiAntivirusHealth services allows a local attacker to escalate privileges. By placing a malicious executable in the unquoted path, triggering a service restart or system reboot e...

CVE-2016-20057

NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart ...

CVE-2016-20056

CVE-2016-20056 affects Spy Emergency build 23.0.205. An unquoted service path exists in the SpyEmrgHealth and SpyEmrgSrv services, enabling local privilege escalation by placing malicious executables in the service path. Triggering a service restart or system reboot would execute code with LocalS...

CVE-2019-25308 Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

PT-2026-7603

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

CVE-2019-25305

CVE-2019-25305 affects JumpStart 0.6.0.0 and involves an unquoted service path vulnerability in the jswpbapi service that runs with LocalSystem privileges. The unquoted path containing spaces can be exploited to inject and execute malicious code with elevated system permissions. Multiple connecte...

CVE-2019-25305

JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions...

CVE-2019-25281

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that...

Photodex ProShow Producer 代码问题漏洞

Photodex ProShow Producer is a video and image slideshow production software developed by the American company Photodex. Version 9.0.3797 of Photodex ProShow Producer contains a code vulnerability. This vulnerability stems from a service path in the ScsiAccess service that lacks quotation marks,...

CVE-2019-25274 ProShow Producer 9.0.3797 - Unquoted Service Path

ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during...