42 matches found

Vulnrichment
added 2025/10/23 4:14 a.m. · 5 views

CVE-2025-61865

Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS · 7.4 AI score · 0.00172 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/10/10 12:0 a.m. · 6 views

PT-2025-41503

Name of the Vulnerable Software and Affected Versions: NAS Navigator2 Windows version affected versions not specified Description: NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user possessing write permissions to the system drive's root...

8.4 CVSS · 7 AI score · 0.00151 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-26882

Malicious code in bioql PyPI...

8.4 CVSS · 6.6 AI score · 0.00161 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-24857

Malicious code in bioql PyPI...

6.7 CVSS · 6.6 AI score · 0.00135 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 18 views

EUVD-2025-25503

Malicious code in bioql PyPI...

8.4 CVSS · 6.6 AI score · 0.00155 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/09/07 6:33 a.m. · 6 views

CVE-2025-58400

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS · 7.2 AI score · 0.00161 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/09/05 12:0 a.m. · 3 views

PT-2025-36113

Name of the Vulnerable Software and Affected Versions: RATOC RAID Monitoring Manager for Windows affected versions not specified Description: RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path. A user with write permission on the system drive’s root...

8.4 CVSS · 6.9 AI score · 0.00161 EPSS
Exploits 0 · References 7

RedhatCVE
added 2025/08/24 7:16 a.m. · 12 views

CVE-2025-57699

Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege...

8.4 CVSS · 6.9 AI score · 0.00155 EPSS
Exploits 0 · References 1

NVD
added 2025/08/22 7:15 a.m. · 15 views

CVE-2025-57699

Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege...

8.4 CVSS · 0.00155 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/08/16 5:26 p.m. · 3 views

CVE-2025-9043

The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious...

6.7 CVSS · 7.3 AI score · 0.00135 EPSS
Exploits 0 · References 1

OSV
added 2024/10/23 3:15 p.m. · 2 views

CVE-2024-47903

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices allows to write arbitrary files to t...

9.1 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2023/08/05 12:0 a.m. · 3 views

Control ID IDSecure SQL Injection Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions that stems from the presence of a SQL injection vulnerability. An attacker can explo...

9.8 CVSS · 8.8 AI score · 0.01068 EPSS
Exploits 0 · References 3

OSV
added 2022/06/14 7:15 p.m. · 1 views

CVE-2022-31590

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...

7.8 CVSS · 7.1 AI score · 0.00243 EPSS
Exploits 0 · References 2

CNNVD
added 2022/06/14 12:0 a.m. · 1 views

SAP PowerDesigner Code Issue Vulnerability

SAP PowerDesigner, a database design software from SAP, is vulnerable to a code issue in SAP PowerDesigner Proxy version 16.7, which could be exploited by attackers to bypass system root disk access restrictions, write or create program files on the system disk root path, and elevate the privileg...

7.8 CVSS · 5.8 AI score · 0.00243 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2022/04/27 2:15 p.m. · 1 views

CVE-2022-27905

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive C:\ to exploit this...

9 CVSS · 7.1 AI score · 0.00963 EPSS
Exploits 0 · References 2

OSV
added 2020/12/23 4:15 p.m. · 4 views

CVE-2020-29552

An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...

9.8 CVSS · 5.8 AI score · 0.04818 EPSS
Exploits 2 · References 4

Positive Technologies
added 2019/05/19 12:0 a.m. · 5 views

PT-2019-12686 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW version 1.8.5 Description: The issue allows for arbitrary file uploads via the /app/controllers/EntityController.php component, potentially resulting in remote command execution. An attacker can use a user account to fully compromise...

9 CVSS · 9 AI score · 0.18106 EPSS
Exploits 3 · References 5

OSV
added 2015/01/23 1:19 a.m. · 1 views

USN-2482-1 elfutils vulnerability

Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory...

6.4 CVSS · 6.6 AI score · 0.05018 EPSS
Exploits 0 · References 2

UbuntuCve
added 2011/03/30 10:55 p.m. · 25 views

CVE-2011-1549

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by...

6.3 CVSS · 5.9 AI score · 0.00365 EPSS
Exploits 0 · References 2

Prion
added 2011/03/30 10:55 p.m. · 11 views

Default configuration

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated...

6.3 CVSS · 6.8 AI score · 0.00389 EPSS
Exploits 0 · References 36