Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

CVEs (426)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-15003 1Filezilla Project 1Filezilla Client Nov 21, 2024 Jul 18, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installe...Show more A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2022-31591 1Sap 1Businessobjects Bw Publisher Service Nov 21, 2024 Jul 12, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affecte...Show more SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected serviceShow less
CVE-2022-2147 1Cloudflare 1Warp Nov 21, 2024 Jun 23, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
CVE-2022-31590 1Sap 1Powerdesigner Proxy Nov 21, 2024 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk ro...Show more SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.Show less
CVE-2022-29320 1Minitool 1Partition Wizard Nov 21, 2024 May 20, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27095 1Battleye 1Battleye Nov 21, 2024 May 20, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27094 1Sony 1Playmemories Home Nov 21, 2024 May 20, 2022 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-26634 1Hma 1Hidemyass Nov 21, 2024 May 20, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-0883 1Snowsoftware 1Snow License Manager Nov 21, 2024 May 18, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
CVE-2022-27905 1Controlup 1Controlup Nov 21, 2024 Apr 27, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
CVE-2022-27089 1Fujitsu 1Plugfree Network Nov 21, 2024 Apr 11, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
CVE-2022-27088 1Ivanti 1Dsm Remote Nov 21, 2024 Apr 11, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
CVE-2022-23909 1Gimmal 1Sherpa Connector Service Nov 21, 2024 Apr 5, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.ex...Show more There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.Show less
CVE-2021-43463 1Ext2 File System Driver Project 1Ext2 File System Driver Nov 21, 2024 Apr 4, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.
CVE-2021-43460 1Systemexplorer 1System Explorer Nov 21, 2024 Apr 4, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.
CVE-2021-43458 1Vembu 1Bdr Suite Nov 21, 2024 Apr 4, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
CVE-2021-43457 1Bvpn 1Bvpn Nov 21, 2024 Apr 4, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path.
CVE-2021-43456 1Rumble Mail Server Project 1Rumble Mail Server Nov 21, 2024 Apr 4, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.
CVE-2021-43455 1Freelan 1Freelan Nov 21, 2024 Apr 4, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.
CVE-2021-43454 1Anytxt 1Anytxt Searcher Nov 21, 2024 Apr 4, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. .

Previous 1...151617...22 Next