CVE-2016-20056

CVE-2016-20056 affects Spy Emergency build 23.0.205. An unquoted service path exists in the SpyEmrgHealth and SpyEmrgSrv services, enabling local privilege escalation by placing malicious executables in the service path. Triggering a service restart or system reboot would execute code with LocalS...

PT-2026-30354

NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart ...

CVE-2026-4606 GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege

GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...

CVE-2026-4606 GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege

GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...

CVE-2026-4606

GV Edge Recording Manager (ERM) v2.3.1 is affected by a privilege-escalation flaw where core components run with SYSTEM-level privileges. The vulnerability arises because an ERM-installed Windows service runs under LocalSystem, and, on launch, related processes inherit SYSTEM privileges instead o...

EUVD-2016-10821

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...

CVE-2019-25308

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

CVE-2019-25308

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

CVE-2019-25308 Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

CVE-2019-25308 Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

CVE-2019-25307 WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges...

PT-2026-7603

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations...

CVE-2019-25305

JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions...

CVE-2019-25305

CVE-2019-25305 affects JumpStart 0.6.0.0 and involves an unquoted service path vulnerability in the jswpbapi service that runs with LocalSystem privileges. The unquoted path containing spaces can be exploited to inject and execute malicious code with elevated system permissions. Multiple connecte...

CVE-2019-25281

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that...

CVE-2019-25269

Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations...

Photodex ProShow Producer 代码问题漏洞

Photodex ProShow Producer is a video and image slideshow production software developed by the American company Photodex. Version 9.0.3797 of Photodex ProShow Producer contains a code vulnerability. This vulnerability stems from a service path in the ScsiAccess service that lacks quotation marks,...

CVE-2019-25286

GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with...

CVE-2019-25281 NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that...

EUVD-2019-19384

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that...