CWE:
 

Topic
Date
Author
Med.
Progea Movicon 11.5.1181 Search Path Issues
01.11.2017
Karn Ganeshen
Med.
Samsung SW Update Service Unquoted Service Path Privilege Escalation
09.11.2016
CT-Zer0 Team
Med.
Comodo Chromodo Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM
Med.
Comodo Dragon Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM


CVEMAP Search Results

CVE
Details
Description
2018-06-13
Medium
CVE-2017-11672

Updating...
 

 
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.

 
2018-06-07
Medium
CVE-2018-10619

Updating...
 

 
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

 
2018-05-19
Medium
CVE-2018-4873

Vendor: Adobe
Software: Creative cloud
 

 
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

 
2018-04-10
Medium
CVE-2018-2406

Vendor: SAP
Software: Crystal repo...
 

 
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

 
2018-03-12
Medium
CVE-2018-6321

Vendor: Pandasecurity
Software: Panda global...
 

 
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.

 
Medium
CVE-2018-6016

Vendor: 10-strike
Software: Network monitor
 

 
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.

 
2018-01-31
Medium
CVE-2018-6384

Vendor: Nsclient
Software: Nsclient++
 

 
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.

 
2018-01-24
Medium
CVE-2017-1000475

Vendor: Freesshd
Software: Freesshd
 

 
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.

 
2018-01-12
Medium
CVE-2017-14030

Vendor: MOXA
Software: Mxview
 

 
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

 
2017-10-16
Medium
CVE-2017-15383

Vendor: NERO
Software: NERO
 

 
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top