6679 matches found
CVE-2020-37129
CVE-2020-37129 affects Memu Play 7.1.3. The vulnerability is due to insecure folder permissions that let a low-privileged user modify MemuService.exe, enabling replacement with a malicious file at system restart to gain SYSTEM-level privileges. Connected sources corroborate the issue and describe...
CVE-2019-25271
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations...
CVE-2019-25269
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations...
CVE-2019-25272
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and...
CVE-2019-25288
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots...
EUVD-2019-19385
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...
CVE-2019-25273 Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and...
CVE-2019-25273 Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and...
CVE-2019-25272
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and...
Movable Type 安全漏洞
Movable Type is a content management system developed by Movable Type Inc. There is a security vulnerability in Movable Type, which stems from CSV files generated when is entered; these files may contain malicious code, potentially allowing arbitrary code to execute on the user’s system...
CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
K000159856: Binutils vulnerability CVE-2025-66862
Security Advisory Description A buffer overflow vulnerability in function gnuspecial in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. CVE-2025-66862 Impact An attacker can exploit this vulnerability to trigger a heap-based buffer over-read in...
CVE-2020-37101 VPN unlimited 6.1 - Unquoted Service Path
VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files x86\VPN Unlimited' to replace the service executable and gain elevated system...
CVE-2020-37101
CVE-2020-37101 : VPN Unlimited 6.1 on Windows is affected by an unquoted service path vulnerability in the service binary path at C:\Program Files (x86)\VPN Unlimited, allowing a local attacker to replace the service executable and achieve elevated privileges. The description and connected source...
CVE-2020-37099
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious...
EUVD-2020-30977
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious...
CVE-2020-37099
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration (C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe), enabling local attackers to inject malicious executables and escalate privileges. Affected component: the Disk Savvy service. Root c...
SUSE CVE-2026-1703
When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...
KeepSolid VPN Unlimited 代码问题漏洞
KeepSolid VPN Unlimited is a VPN proxy software developed by the American company KeepSolid. Version 6.1 of KeepSolid VPN Unlimited contains a code vulnerability. This vulnerability stems from an unquoted service path vulnerability. Attackers can exploit this vulnerability by replacing the servic...
PT-2026-6334
Name of the Vulnerable Software and Affected Versions BrowserStack Runner versions 0.1.0 through 0.9.5 Notepad++ versions prior to 8.8.2 Description BrowserStack Runner contains a path traversal issue in the default HTTP handler within lib/server.js. This allows unauthenticated network-adjacent...