CVE-2016-20094

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

CVE-2016-20089

The CVE-2016-20089 entry concerns Iperius Remote 1.7.0, where an unquoted service path vulnerability enables local users to execute arbitrary code with SYSTEM privileges by placing a malicious executable in the service path. The issue is triggered when the software is installed in directories tha...

CVE-2020-37016 BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem...

CVE-2020-37016

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem...

CVE-2020-36990 Input Director 1.4.3 - 'Input Director' Unquoted Service Path

Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with...

EUVD-2020-30895

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSyste...

CVE-2020-36987 Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSyste...

CVE-2021-47832

...

CVE-2021-47832

CVE-2021-47832 entry is rejected/not used (duplicate) by the CVE Numbering Authority.

EUVD-2005-4170

Malware in sbrugna...

EUVD-2024-32481

Malicious code in bioql PyPI...

EUVD-2022-41546

Malicious code in bioql PyPI...

EUVD-2022-27291

Malicious code in bioql PyPI...

CVE-2025-5199 LPE on Multipass for macOS

In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup...

CVE-2024-24122

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...

CVE-2024-3913

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...

CVE-2022-39000

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup...

CVE-2024-24122

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...

CVE-2024-24122

CVE-2024-24122 describes a remote code execution in Wanxing Technology’s Yitu project management. A crafted exp.adpx file is treated as a zip archive with a special filename, enabling decompression of the project file into the system startup folder, followed by a system restart and automatic exec...

CVE-2024-3913

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...