CVE-2022-48191

A vulnerability exists in Trend Micro Maximum Security 2022 17.7 wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowin...

Xxe

A vulnerability exists in Trend Micro Maximum Security 2022 17.7 wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowin...

CVE-2022-48191

A vulnerability exists in Trend Micro Maximum Security 2022 17.7 wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowin...

CVE-2022-4258

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system...

CVE-2022-4258 Hima: Unquoted path vulnerabilities in HIMA PC based Software

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system...

HIMA Paul Hildebrandt X-OPC 、X-OTS 代码问题漏洞

HIMA Paul Hildebrandt X-OPC and HIMA Paul Hildebrandt X-OTS are both products of HIMA Paul Hildebrandt, Inc.HIMA Paul Hildebrandt X-OPC is an intelligent security platform.HIMA Paul Hildebrandt X-OTS is a security simulator. -OTS is a safety simulator. A code issue vulnerability exists in HIMA Pa...

PT-2023-14140 · Hima · Hima Pc Based

Name of the Vulnerable Software and Affected Versions: HIMA PC based Software affected versions not specified Description: The issue is related to an unquoted Windows search path vulnerability. This might allow local users to gain privileges via a malicious .exe file, potentially gaining full...

Design/Logic Flaw

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and...

Corel Roxio Creator LJB 代码问题漏洞

Corel Roxio Creator LJB is a CD/DVD burning software application from Corel Digital Technology Corel Canada. It makes capturing and converting media easy. A security vulnerability exists in Corel Roxio Creator LJB that originates when the supplied Roxio Creator LJB launches another program with a...

JVN#13075438: Corel Roxio Creator LJB starts a program with an unquoted file path

Roxio Creator LJB provided by Corel Corporation starts another program with an unquoted file path CWE-428. Impact Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of t...

qt: QProcess could execute a binary from the current working directory when not found in the PATH

A flaw was found in qt. The vulnerability occurs due to executing binaries from the current directory when the loading path failed, leading to an uncontrolled path element vulnerability. This flaw allows an attacker to execute malicious executables...

IObit Malware Fighter 9.2 Tampering / Privilege Escalation

Credits: Yehia Elghaly aka Mrvar0x + Website: https://mrvar0x.com/ + Source: "https://mrvar0x.com/2022/08/02/multiple-endpoints-security-tampering-exploit/" Vendor: ============= www.iobit.com Product: =========== IObit Malware Fighter 9.2 IObit Malware Fighter is an advanced malware & spyware...

Exploit for Unquoted Search Path or Element in Asus Aura_Ready_Game_Software_Development_Kit

CVE-2022-35899 Unquoted Service Path Asus GameSdk Exploit T...

CVE-2022-24138

IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists because the drag and drop of malicious images could have led to malicious executable and potential code execution...

Remote code execution

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" servicethe service is running under SYSTEM privileges and manipulate it to execute malicious...

CVE-2021-44169

A improper initialization in Fortinet FortiClient Windows version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory...

Input validation

A improper initialization in Fortinet FortiClient Windows version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory...

CVE-2021-44169

A improper initialization in Fortinet FortiClient Windows version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory...

JVN#12969207: HPE Agentless Management registers unquoted service paths

HP Agentless Management provided by Hewlett Packard Enterprise registers some Windows services with unquoted file paths CWE-428. Impact When a registered Windows service path contains spaces and is unquoted, and a malicious executable is placed on a certain path, the executable may be executed wi...