CVE-2020-37232

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...

CVE-2020-36935

KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\ServiceKMS.exe to inject malicious executables and...

CVE-2021-47886 Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path

Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\Pingzapper\PZService.exe' to inject malicious executables and escalate...

EUVD-2013-0154

Malware in sbrugna...

EUVD-2017-5545

Malware in sbrugna...

CVE-2024-24722

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and...

CVE-2022-4429

Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78...

CVE-2021-43454

An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path...

CVE-2013-0111

daemonu.exe aka the NVIDIA Update Service Daemon, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " double quote characters in the service path, which allows local users to gain privileges via a Trojan horse program...

CVE-2024-57276

Dragon Age Origins 1.05 is affected by an unquoted service path in the DAUpdaterSVC service. The service runs under NT AUTHORITY\SYSTEM with insecure permissions, enabling local privilege escalation by replacing or placing a malicious executable in the service path. Connected sources consistently...

CVE-2024-24722

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and...

CVE-2023-6631

CVE-2023-6631 affects Subnet Solutions PowerSYSTEM Center (PowerSYSTEM Center 2020 Update 16 and earlier; 5.0.x–5.16.x). The vulnerability is an unquoted search path/element in the service path that authorized local users can abuse to insert arbitrary code and achieve privilege escalation. Affect...

HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path

Exploit Title: HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path Date: 2022-06-06 Exploit Author: Ali Alipour Vendor Homepage: https://support.hp.com/us-en/document/c01998934 Software Link:...

CVE-2021-43456

An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path...

CVE-2021-43455

An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path...

CVE-2021-23197

CVE-2021-23197 describes an unquoted service path vulnerability in the Gallagher Controller Service, affecting Gallagher Command Centre 8.50 (pre-8.50.2048 MR3) . The underlying issue is that the service executable path is unquoted, allowing an unprivileged user to cause the service to execute co...

CVE-2021-35230

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry...

Atheros Coex Service Application 8.0.0.255 Unquoted Service Path

Exploit Title: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path Exploit Author : Isabel Lopez Exploit Date: 2020-11-13 Vendor Homepage : https://www.file.net/process/athcoexagent.exe.html Link Software :...

CVE-2020-15261

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users both students and teachers usually don't have...

CVE-2020-15261

CVE-2020-15261 affects Veyon Service prior to 4.4.2, which contains an unquoted service path that allows locally authenticated administrators to execute code with LocalSystem privileges. The issue is fixed in 4.4.2; a workaround is to revoke administrative privileges from untrusted users. Public ...