CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-428

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-27966 428 Exec Code 2022-03-31 2022-04-08
6.9
None Local Medium Not required Complete Complete Complete
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
2 CVE-2022-27965 428 Exec Code 2022-03-31 2022-04-08
6.9
None Local Medium Not required Complete Complete Complete
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
3 CVE-2022-27964 428 Exec Code 2022-03-31 2022-04-08
6.9
None Local Medium Not required Complete Complete Complete
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
4 CVE-2022-27963 428 Exec Code 2022-03-31 2022-04-08
6.9
None Local Medium Not required Complete Complete Complete
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
5 CVE-2022-27905 428 2022-04-27 2022-05-09
9.0
None Remote Low ??? Complete Complete Complete
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
6 CVE-2022-27089 428 2022-04-11 2022-04-15
7.2
None Local Low Not required Complete Complete Complete
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
7 CVE-2022-27088 428 2022-04-11 2022-04-15
4.6
None Local Low Not required Partial Partial Partial
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
8 CVE-2022-27052 428 2022-03-31 2022-04-08
7.2
None Local Low Not required Complete Complete Complete
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
9 CVE-2022-27050 428 2022-03-31 2022-04-08
7.2
None Local Low Not required Complete Complete Complete
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.
10 CVE-2022-25031 428 2022-03-03 2022-03-09
6.9
None Local Medium Not required Complete Complete Complete
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.
11 CVE-2022-23909 428 2022-04-05 2022-04-12
7.2
None Local Low Not required Complete Complete Complete
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
12 CVE-2022-0237 428 Exec Code 2022-03-17 2022-03-24
7.2
None Local Low Not required Complete Complete Complete
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
13 CVE-2021-46368 428 2022-02-17 2022-02-25
4.6
None Local Low Not required Partial Partial Partial
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
14 CVE-2021-45819 428 2022-03-03 2022-03-09
7.2
None Local Low Not required Complete Complete Complete
Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.
15 CVE-2021-45460 428 DoS 2022-01-11 2022-01-18
5.5
None Remote Low ??? None Partial Partial
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.
16 CVE-2021-43463 428 2022-04-04 2022-04-11
7.2
None Local Low Not required Complete Complete Complete
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.
17 CVE-2021-43460 428 2022-04-04 2022-04-11
7.2
None Local Low Not required Complete Complete Complete
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.
18 CVE-2021-43458 428 2022-04-04 2022-04-12
7.2
None Local Low Not required Complete Complete Complete
An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
19 CVE-2021-43457 428 2022-04-04 2022-04-12
7.2
None Local Low Not required Complete Complete Complete
An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path.
20 CVE-2021-43456 428 2022-04-04 2022-04-11
4.6
None Local Low Not required Partial Partial Partial
An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.
21 CVE-2021-43455 428 2022-04-04 2022-04-11
7.2
None Local Low Not required Complete Complete Complete
An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.
22 CVE-2021-43454 428 2022-04-04 2022-04-11
4.6
None Local Low Not required Partial Partial Partial
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. .
23 CVE-2021-42563 428 2021-11-12 2021-11-16
4.6
None Local Low Not required Partial Partial Partial
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
24 CVE-2021-40683 428 2021-10-04 2021-10-12
4.4
None Local Medium Not required Partial Partial Partial
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
25 CVE-2021-35469 428 2021-07-14 2021-07-19
7.2
None Local Low Not required Complete Complete Complete
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.
26 CVE-2021-35231 428 +Priv 2021-10-25 2021-10-28
4.6
None Local Low Not required Partial Partial Partial
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".
27 CVE-2021-35056 428 2021-07-15 2021-07-27
4.6
None Local Low Not required Partial Partial Partial
Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run.
28 CVE-2021-33095 428 2021-11-17 2021-11-19
7.2
None Local Low Not required Complete Complete Complete
Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
29 CVE-2021-31776 428 2021-04-29 2021-05-13
7.2
None Local Low Not required Complete Complete Complete
Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
30 CVE-2021-31553 428 DoS 2021-04-22 2021-04-22
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.
31 CVE-2021-29218 428 2022-02-04 2022-02-09
4.6
None Local Low Not required Partial Partial Partial
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.
32 CVE-2021-27608 428 2021-04-14 2021-04-20
4.4
None Local Medium Not required Partial Partial Partial
An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.
33 CVE-2021-25269 428 2021-11-26 2021-12-03
2.1
None Local Low Not required None None Partial
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.
34 CVE-2021-23879 428 Exec Code 2021-03-15 2022-05-03
7.2
None Local Low Not required Complete Complete Complete
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.
35 CVE-2021-23197 428 Exec Code 2021-11-18 2021-11-23
4.6
None Local Low Not required Partial Partial Partial
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;
36 CVE-2021-21292 428 2021-02-02 2021-02-08
1.9
None Local Medium Not required None Partial None
Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.
37 CVE-2021-0112 428 2021-06-09 2021-06-22
4.4
None Local Medium Not required Partial Partial Partial
Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.
38 CVE-2020-35152 428 2021-02-03 2021-02-05
4.6
None Local Low Not required Partial Partial Partial
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
39 CVE-2020-28209 428 +Priv 2020-11-19 2022-01-31
4.4
None Local Medium Not required Partial Partial Partial
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.
40 CVE-2020-27992 428 +Priv 2020-11-02 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.
41 CVE-2020-27645 428 +Priv 2020-12-29 2021-01-04
6.5
None Remote Low ??? Partial Partial Partial
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.
42 CVE-2020-27644 428 +Priv 2020-12-29 2021-01-03
6.5
None Remote Low ??? Partial Partial Partial
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.
43 CVE-2020-22809 428 2021-05-10 2021-05-20
4.6
None Local Low Not required Partial Partial Partial
In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.
44 CVE-2020-15261 428 2020-10-19 2021-06-18
4.6
None Local Low Not required Partial Partial Partial
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
45 CVE-2020-14049 428 2020-06-22 2021-07-21
5.0
None Remote Low Not required Partial None None
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.
46 CVE-2020-13699 428 2020-07-29 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
47 CVE-2020-11632 428 Exec Code 2021-07-15 2021-07-27
7.2
None Local Low Not required Complete Complete Complete
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
48 CVE-2020-10051 428 Exec Code 2020-09-09 2020-09-14
7.2
None Local Low Not required Complete Complete Complete
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service.
49 CVE-2020-9292 428 +Priv 2020-06-04 2020-06-09
7.5
None Remote Low Not required Partial Partial Partial
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.
50 CVE-2020-8337 428 Exec Code 2020-06-09 2020-06-19
7.2
None Local Low Not required Complete Complete Complete
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
Total number of vulnerabilities : 113   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.