29 matches found
EUVD-2020-30872
Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling...
EUVD-2020-6092
Malware in sbrugna...
EUVD-2020-20151
Malware in sbrugna...
EUVD-2021-33051
Malicious code in bioql PyPI...
EUVD-2022-32393
Malicious code in bioql PyPI...
EUVD-2024-44077
Malicious code in bioql PyPI...
EUVD-2025-32345
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak...
CVE-2025-5191 Unquoted Search Path Vulnerability in the Utility for Industrial Computers (Windows)
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers Windows. Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority...
JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path
Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...
CVE-2024-2747
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine...
CVE-2024-4461
Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation...
CVE-2023-7043 Unquoted path privilege vulnerability in ESET products for Windows
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions...
CVE-2023-25075
Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2021-23197
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 MR3 ;...
CVE-2018-2406
CVE-2018-2406 affects SAP Crystal Reports Server OEM Edition (CRSE) startup path: unquoted Windows search path leads to local directory/path traversal. Versions 4.0, 4.10, 4.20, 4.30 are affected; local privilege elevation is indicated in connected CNVD entry. The vulnerability’s CVSS notes local...
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
The script tries to detect Windows SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...
CVE-2018-6321
CVE-2018-6321 : Connected sources confirm a local privilege escalation in Panda Global Protection 17.0.1, via an unquoted Windows search path in the panda_url_filtering service. The vulnerability is triggered by placing a malicious artefact, allowing a local user to gain higher privileges. Root c...
CVE-2016-5793
Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory...
CVE-2015-7866
CVE-2015-7866 describes an unquoted Windows search path vulnerability in the NVIDIA GPU graphics driver control panel component nvSmartMaxApp.exe. A local attacker could exploit this to escalate privileges, demonstrated by using a Trojan horse named C:\Program.exe. The affected products are NVIDI...
CVE-2015-1484
Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming SWS 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as...