PT-2026-51193

A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the...

PT-2026-51192

A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been...

PT-2026-51189

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

PT-2026-51194

A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack...

PT-2026-51191

A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...

PT-2026-51188

A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed ...

CVE-2021-47985

Summary: CVE-2021-47985 affects Brother SAPSprint 7.60 and is an unquoted service path vulnerability in the SAPSprint service binary, enabling local privilege escalation. An attacker can drop a malicious executable in the Program Files path to run with LocalSystem privileges when the service star...

EUVD-2020-31254

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts...

CVE-2020-37253

The CVE pertains to Winstep 18.06.0096, where the Winstep Xtreme Service has an unquoted service path vulnerability. This allows a local attacker to escalate privileges by placing a malicious executable in Program Files that is executed with LocalSystem privileges when the service starts. Affecte...

EUVD-2020-31253

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with...

EUVD-2019-20183

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

EUVD-2016-10907

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

EUVD-2016-10908

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...

CVE-2016-20094

CVE-2016-20094 – AnyDesk 2.5.0 : An unquoted service path vulnerability in the AnyDesk service allows local attackers to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can place malicious executables in the system root path, which may be launched w...

EUVD-2016-10906

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

EUVD-2016-10905

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...

CVE-2016-20091

CVE-2016-20091 affects Windows Firewall Control 4.8.6.0. The issue is an unquoted service path for the wfcs.exe service, enabling local attackers to escalate privileges by placing malicious executables in unquoted directories that are executed with LocalSystem privileges on service restart or sys...

EUVD-2016-10900

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

EUVD-2016-10899

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackupwebServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem...

CVE-2016-20086

Vembu StoreGrid 4.0 is affected by an unquoted service path privilege-escalation vulnerability in the RemoteBackup and RemoteBackup_webServer services. An attacker can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges. This CVE (...