CWE:
 

Topic
Date
Author
Med.
Progea Movicon 11.5.1181 Search Path Issues
01.11.2017
Karn Ganeshen
Med.
Samsung SW Update Service Unquoted Service Path Privilege Escalation
09.11.2016
CT-Zer0 Team
Med.
Comodo Chromodo Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM
Med.
Comodo Dragon Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM


CVEMAP Search Results

CVE
Details
Description
2018-08-10
Medium
CVE-2018-11063

Vendor: DELL
Software: Wyse managem...
 

 
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.

 
2018-07-10
Medium
CVE-2018-3688

Updating...
 

 
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.

 
Medium
CVE-2018-3687

Updating...
 

 
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.

 
Medium
CVE-2018-3684

Updating...
 

 
Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.

 
Medium
CVE-2018-3683

Updating...
 

 
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.

 
Medium
CVE-2018-3668

Updating...
 

 
Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.

 
2018-06-13
Medium
CVE-2017-11672

Updating...
 

 
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.

 
2018-06-07
Medium
CVE-2018-10619

Updating...
 

 
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

 
2018-05-19
Medium
CVE-2018-4873

Vendor: Adobe
Software: Creative cloud
 

 
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

 
2018-04-10
Medium
CVE-2018-2406

Vendor: SAP
Software: Crystal repo...
 

 
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top