CVE-2020-37232 Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...

CVE-2020-37232

The CVE-2020-37232 entry concerns Advanced System Care Service 13.0.0.157, which has an unquoted service path in the AdvancedSystemCareService13 binary. This allows local attackers to escalate privileges by placing a malicious executable in the system root that will be launched with LocalSystem p...

CVE-2019-25283

Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot...

PT-2026-5811

Name of the Vulnerable Software and Affected Versions Shrew Soft VPN Client version 2.2.2 Description The Shrew Soft VPN Client contains an unquoted service path issue that allows local users to execute arbitrary code with elevated system privileges. An attacker can place malicious executables in...

CVE-2020-36990

Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with...

EUVD-2020-30898

Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with...

PT-2026-5118

Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem...

CVE-2020-36974

Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would...

CVE-2021-47874

VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem...

CVE-2021-47880

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during...

PT-2026-3832

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during...

CVE-2019-25231

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path t...

PT-2025-54417

Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root...

CVE-2025-66575

VeeVPN 1.6.1 is affected by an unquoted service path vulnerability in the VeePNService that allows local code execution with SYSTEM privileges during startup/reboot. Exploitation involves providing a malicious service name, enabling command injection and running as LocalSystem. This CVE is docume...

VeePN 代码问题漏洞

VeePN is a VPN service platform from VeePN Inc. A code issue vulnerability exists in VeePN version 1.6.1, which stems from an unreferenced service path vulnerability in VeePNService that could lead to code execution with LocalSystem privileges upon startup or reboot...