CVE-2021-47826

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\NTI\Acer Backup Manager\ to inject malicious executables that...

CVE-2021-47825 Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path

Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem...

CVE-2021-47825

CVE-2021-47825 covers an unquoted service path in Acer Updater Service 1.2.3500.0. The vulnerability stems from an unquoted path in C:\Program Files\Acer\Acer Updater, allowing a local user to inject a malicious executable that runs with LocalSystem privileges at service startup. Affected compone...

CVE-2021-47780

Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permission...

Korenix JetNet Improper Verification of Cryptographic Signature (CVE-2023-5347)

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. This plugin only works with Tenable.ot...

CVE-2021-47807

Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...

CVE-2021-47790

Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative...

CVE-2021-47787 TotalAV 5.15.69 - Unquoted Service Path

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration...

CVE-2020-36927

DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject...

CVE-2021-47773

Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path t...

CVE-2021-47773 Dynojet Power Core 2.3.0 - Unquoted Service Path

Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path t...

EUVD-2026-2769

10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalati...

PT-2026-3177

Name of the Vulnerable Software and Affected Versions Sync Breeze version 13.6.18 Description Sync Breeze version 13.6.18 contains a security issue due to an unquoted service path in its Windows service configuration. This allows local attackers to potentially execute arbitrary code. The issue...

PT-2026-3162

Name of the Vulnerable Software and Affected Versions Active WebCam version 11.5 Description The software contains an unquoted service path issue that could allow local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by...

PT-2026-3148

Name of the Vulnerable Software and Affected Versions DiskPulse Enterprise version 13.6.14 Description The software contains an unquoted service path vulnerability in its Windows service configuration. This allows local attackers to potentially execute arbitrary code. The vulnerability exists due...

MilleGPG5 security vulnerabilities

MilleGPG5 is an application developed by MilleGPG company. Version 5.7.2 of MilleGPG5 contains a security vulnerability. This vulnerability stems from allowing authenticated users to modify the service executable files located in the MariaDB bin directory, potentially leading to local privilege...

CVE-2022-50931

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3clientwin32.exe with custom files to potentially gain SYSTEM or Administrator-level access...

CVE-2022-50917

ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated...

CVE-2022-50931 TeamSpeak 3.5.6 - Insecure File Permissions

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3clientwin32.exe with custom files to potentially gain SYSTEM or Administrator-level access...

CVE-2022-50931

TeamSpeak 3.5.6 has an insecure file permissions vulnerability allowing local attackers to replace system executables (e.g., ts3client_win32.exe) with malicious binaries, potentially yielding SYSTEM/Administrator privileges. Documented CVSS: LOCAL, HIGH impact (C/H/I/A). Exploit details are repor...