EUVD-2026-38230

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...

CVE-2021-47985

Summary: CVE-2021-47985 affects Brother SAPSprint 7.60 and is an unquoted service path vulnerability in the SAPSprint service binary, enabling local privilege escalation. An attacker can drop a malicious executable in the Program Files path to run with LocalSystem privileges when the service star...

CVE-2021-47974 VX Search 13.5.28 Unquoted Service Path Privilege Escalation

VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute...

CVE-2020-37247

Kite 4.2.0.1 U1 is affected by an unquoted service path vulnerability in the KiteService Windows service. The underlying issue allows local attackers to escalate privileges to LocalSystem by placing a malicious executable in the Program Files directory, which is executed when the service starts. ...

Flexense VX Search 代码问题漏洞

Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...

CVE-2019-25273

Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and...

CVE-2025-61635

Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit:...

PT-2026-5814

Name of the Vulnerable Software and Affected Versions Adaware Web Companion version 4.8.2078.3950 Description Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService. This allows local users to potentially execute code with elevated...

CVE-2020-37047 Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path

Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicio...

CVE-2021-47868

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files \WINPAKPRO\WPCommandFileService Service.exe to inject malicious co...

CVE-2021-47859

ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and...

CVE-2021-47810

WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES X86\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and...

CVE-2020-36930

The CVE-2020-36930 vulnerability affects SysGauge Server 7.9.18, caused by an unquoted service path in the binary path configuration (C:\Program Files\SysGauge Server\bin\sysgaus.exe). Local attackers could exploit this to inject malicious executables and escalate privileges. Exploitation details...

CVE-2020-36928

Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBAAgentClient service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions...

CVE-2022-50901

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that woul...

CVE-2022-50902

The CVE-2022-50902 entry concerns Wondershare FamiSafe 1.0, where the FSService has an unquoted service path at C:\Program Files (x86)\Wondershare\FamiSafe, enabling local users to potentially execute code with LocalSystem privileges during service startup. Connected documents confirm the affecte...

PT-2026-2361

Name of the Vulnerable Software and Affected Versions Splashtop version 8.71.12001.0 Description The software contains an unquoted service path vulnerability within the Splashtop Software Updater Service. This allows local attackers to potentially execute arbitrary code. The vulnerability exists...

CVE-2022-35899

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service GameSDK.exe 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILESX86%\ASUS\GameSDK.exe file...

Cylance CylancePROTECT Privilege Extraction Vulnerability

Cylance CylancePROTECT is a suite of endpoint security protection software from Cylance USA. The software is capable of preventing ransomware, malware, and other attacks. A security vulnerability exists in Cylance CylancePROTECT versions prior to 1470, which stems from a user having...

PT-2006-5737 · Oracle +3 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: Apache Friends XAMPP version 1.5.2 Description: The issue concerns unquoted Windows search path vulnerabilities in XAMPP. This could allow local users to gain privileges by placing a malicious program file in the %SYSTEMDRIVE%, which would be...