CWE:
 

Topic
Date
Author
Med.
Progea Movicon 11.5.1181 Search Path Issues
01.11.2017
Karn Ganeshen
Med.
Samsung SW Update Service Unquoted Service Path Privilege Escalation
09.11.2016
CT-Zer0 Team
Med.
Comodo Chromodo Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM
Med.
Comodo Dragon Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM


CVEMAP Search Results

CVE
Details
Description
2018-04-10
Medium
CVE-2018-2406

Vendor: SAP
Software: Crystal repo...
 

 
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

 
2018-03-12
Medium
CVE-2018-6016

Vendor: 10-strike
Software: Network monitor
 

 
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.

 
Medium
CVE-2018-6321

Vendor: Pandasecurity
Software: Panda global...
 

 
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.

 
2018-01-31
Medium
CVE-2018-6384

Vendor: Nsclient
Software: Nsclient++
 

 
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.

 
2018-01-24
Medium
CVE-2017-1000475

Vendor: Freesshd
Software: Freesshd
 

 
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.

 
2018-01-12
Medium
CVE-2017-14030

Vendor: MOXA
Software: Mxview
 

 
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

 
2017-10-16
Medium
CVE-2017-15383

Vendor: NERO
Software: NERO
 

 
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.

 
2017-10-06
Medium
CVE-2017-12730

Vendor: Myscada
Software: Mypro
 

 
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top