CWE:
 

Risk | Topic | Date | Author
Med. | Progea Movicon 11.5.1181 Search Path Issues | 01.11.2017 | Karn Ganeshen
Med. | Samsung SW Update Service Unquoted Service Path Privilege Escalation | 09.11.2016 | CT-Zer0 Team
Med. | Comodo Chromodo Browser Privilege Escalation | 07.10.2016 | Yunus YILDIRIM
Med. | Comodo Dragon Browser Privilege Escalation | 07.10.2016 | Yunus YILDIRIM


CVEMAP Search Results

CVE | Details | Description
2019-07-19 | Medium | CVE-2019-7590
Vendor: Johnsoncontrols | Software: Exacqvision ...
ExacqVision Server's services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.

 
2019-06-20 | Medium | CVE-2019-8459
Vendor: Checkpoint | Software: Smartconsole...
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

 
2019-04-08 | Medium | CVE-2018-20341
Vendor: Winmagic | Software: Securedoc di...
WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable path is enclosed in quotation marks ("") then the system will know where to find it. However, if the path where the application binary is located doesn't contain any quotes, then Windows will try to find it and execute it inside every folder of this path until it reaches the executable.

 
2019-03-17 | Medium | CVE-2019-6149
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.

 
2019-01-24 | Medium | CVE-2018-16098
Vendor: Lenovo | Software: Synaptics th...
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

 
2019-01-09 | Medium | CVE-2018-16183
Vendor: Panasonic | Software: System inter...
An unquoted search path vulnerability in some pre-installed applications on Panasonic PCs running Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allows local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges.

 
2018-08-22 | Medium | CVE-2018-14789
Vendor: Philips | Software: Intellispace...
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.

 
2018-08-10 | Medium | CVE-2018-11063
Vendor: DELL | Software: Wyse managem...
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.

 
2018-07-10 | Medium | CVE-2018-3688
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.

 
Medium | CVE-2018-3687
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.

 

 


Copyright 2019, cxsecurity.com

 
