108 matches found
CVE-2016-20088
The CVE refers to Comodo Chromodo Browser version 52.15.25.664 with an unquoted service path in the ChromodoUpdater service, which runs with SYSTEM privileges. This allows a local attacker to place a malicious executable in the service path and achieve arbitrary code execution with elevated privi...
CVE-2026-34596
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...
CVE-2025-60865
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component...
PT-2026-5928
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component...
CVE-2025-60865
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component...
EUVD-2025-206729
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component...
CVE-2025-60865
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component...
CVE-2025-60865
CVE-2025-60865 describes an Insecure Permissions vulnerability in avanquest Driver Updater (v.9.1.57803.1174) where the Driver Updater Service runs with elevated permissions allowing a local attacker to escalate to SYSTEM. Multiple connected sources confirm the issue affects the Driver Updater Wi...
Exploit for CVE-2025-60865
CVE Disclosures | Findings...
CVE-2021-47825
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem...
CVE-2021-47825
CVE-2021-47825 covers an unquoted service path in Acer Updater Service 1.2.3500.0. The vulnerability stems from an unquoted path in C:\Program Files\Acer\Acer Updater, allowing a local user to inject a malicious executable that runs with LocalSystem privileges at service startup. Affected compone...
CVE-2021-47825 Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem...
CVE-2021-47825 Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem...
PT-2026-3281
Name of the Vulnerable Software and Affected Versions Acer Updater Service version 1.2.3500.0 Description The Acer Updater Service contains a flaw due to an unquoted service path. This allows local users to potentially execute code with elevated system privileges. An attacker can exploit the...
Acer Updater Service code-related vulnerabilities
The Acer Updater Service is a software update tool provided by Acer, a company based in Taiwan, China. Version 1.2.3500.0 of the Acer Updater Service contains a code vulnerability. This vulnerability stems from an issue with the service path, where a service path without quotes was used, which ma...
CVE-2026-23520
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the updater service which supported lifecycle labels. An attacker can execute arbitrary commands by supplying a crafted value to the lifecycle label, which is then passed unsanitized to the shell for execution when...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the updater service which supported lifecycle labels. An attacker can execute arbitrary commands by supplying a crafted value to the lifecycle label, which is then passed unsanitized to the shell for execution when...
CVE-2022-50693
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Splashtop\Splashtop Software Updater\ to inject...
EUVD-2020-2367
Malware in sbrugna...