A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-02
Updated
2024-02-09
Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-09-27
Updated
2023-09-28
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Max CVSS
9.8
EPSS Score
3.00%
Published
2023-07-20
Updated
2023-12-22
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-17
Updated
2023-10-24
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-09-15
Updated
2023-10-03
Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Max CVSS
7.3
EPSS Score
0.04%
Published
2023-11-14
Updated
2023-11-20
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-05-23
Updated
2023-05-31
Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access.
Max CVSS
7.3
EPSS Score
0.04%
Published
2023-11-14
Updated
2023-11-30
Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.
Max CVSS
7.3
EPSS Score
0.04%
Published
2023-05-10
Updated
2023-05-19
Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Max CVSS
8.8
EPSS Score
0.10%
Published
2023-05-10
Updated
2023-05-19
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-07-26
Updated
2023-08-04
Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-14
Updated
2023-11-28
VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-03-16
Updated
2023-03-22
Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-02-21
Updated
2023-03-02
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.
Max CVSS
7.3
EPSS Score
0.04%
Published
2023-04-11
Updated
2023-04-18
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-01-08
Updated
2024-01-11
A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. Upgrading to version 2.12.0.259 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-239853 was assigned to this vulnerability.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-09-16
Updated
2024-03-21
A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-09-15
Updated
2024-03-21
A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files (x86)\EasyInventory\Easy2W.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-235193 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-07-23
Updated
2024-03-21
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-07-03
Updated
2023-07-14
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 
Max CVSS
7.2
EPSS Score
0.04%
Published
2023-07-28
Updated
2023-08-04
A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1. This issue affects some unknown processing of the file C:\Program Files (x86)\FPSensor\bin\DpHost.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-228773 was assigned to this vulnerability.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-11
Updated
2024-03-21
A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-04-29
Updated
2024-03-21
166 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!