CWE-428

426 CVEs • Abstraction: Base

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

CVEs (426)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS

Vendors (1): Netsarang
Products (1): Xshell
Updated: Nov 21, 2024
Published: Mar 31, 2022
CVSS: N/A · v4, 6.5 MEDIUM · v3, 6.9 MEDIUM · v2
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.

Vendors (1): Netsarang
Products (1): Xlpd
Updated: Nov 21, 2024
Published: Mar 31, 2022
CVSS: N/A · v4, 6.5 MEDIUM · v3, 6.9 MEDIUM · v2
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.

Vendors (1): Netsarang
Products (1): Xmanager
Updated: Nov 21, 2024
Published: Mar 31, 2022
CVSS: N/A · v4, 6.5 MEDIUM · v3, 6.9 MEDIUM · v2
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.

Vendors (1): Netsarang
Products (1): Xftp
Updated: Nov 21, 2024
Published: Mar 31, 2022
CVSS: N/A · v4, 6.5 MEDIUM · v3, 6.9 MEDIUM · v2
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.

Vendors (1): Freesshd
Products (1): Freeftpd
Updated: Nov 21, 2024
Published: Mar 31, 2022
CVSS: N/A · v4, 7.8 HIGH · v3, 7.2 HIGH · v2
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.

Vendors (1): Bitcomet
Products (1): Bitcomet
Updated: Nov 21, 2024
Published: Mar 31, 2022
CVSS: N/A · v4, 7.8 HIGH · v3, 7.2 HIGH · v2
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.

Vendors (1): Rapid7
Products (1): Insight Agent
Updated: Nov 21, 2024
Published: Mar 17, 2022
CVSS: N/A · v4, 7.8 HIGH · v3, 7.2 HIGH · v2
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.

Vendors (1): Rdpsoft
Products (1): Remote Desktop Commander Suite Agent
Updated: Nov 21, 2024
Published: Mar 3, 2022
CVSS: N/A · v4, 7.8 HIGH · v3, 6.9 MEDIUM · v2
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.

Vendors (1): Wordline
Products (1): Hidccemonitorsvc
Updated: Nov 21, 2024
Published: Mar 3, 2022
CVSS: N/A · v4, 7.8 HIGH · v3, 7.2 HIGH · v2
Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.

Vendors (1): Trigonesoft
Products (1): Remote System Monitor
Updated: Nov 21, 2024
Published: Feb 17, 2022
CVSS: N/A · v4, 7.8 HIGH · v3, 4.6 MEDIUM · v2
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.

Vendors (1): Mitsubishielectric
Products (46): C Controller Interface Module Utility, C Controller Module Setting And Monitoring Tool, Cc Link Ie Control Network Data Collector, +43 more
Updated: Nov 21, 2024
Published: Feb 11, 2022
CVSS: N/A · v4, 9.8 CRITICAL · v3, 7.5 HIGH · v2
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.

Vendors (1): Hpe
Products (2): Agentless Management, Proliant Agentless Management
Updated: Nov 21, 2024
Published: Feb 4, 2022
CVSS: N/A · v4, 6.7 MEDIUM · v3, 4.6 MEDIUM · v2
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.

Vendors (1): Siemens
Products (1): Sicam Pq Analyzer Firmware
Updated: Nov 21, 2024
Published: Jan 11, 2022
CVSS: N/A · v4, 8.1 HIGH · v3, 5.5 MEDIUM · v2
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.

Vendors (1): Sophos
Products (3): Exploit Prevention, Intercept X Endpoint, Intercept X For Server
Updated: Nov 21, 2024
Published: Nov 26, 2021
CVSS: N/A · v4, 4.4 MEDIUM · v3, 2.1 LOW · v2
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.

Vendors (1): Gallagher
Products (1): Command Centre
Updated: Nov 21, 2024
Published: Nov 18, 2021
CVSS: N/A · v4, 7.8 HIGH · v3, 4.6 MEDIUM · v2
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;

Vendors (1): Intel
Products (1): Nuc M15 Laptop Kit Keyboard Led Service Driver Pack
Updated: Nov 21, 2024
Published: Nov 17, 2021
CVSS: N/A · v4, 7.8 HIGH · v3, 7.2 HIGH · v2
Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendors (1): Ni
Products (1): Ni Service Locator
Updated: Nov 21, 2024
Published: Nov 12, 2021
CVSS: N/A · v4, 7.8 HIGH · v3, 4.6 MEDIUM · v2
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.

Vendors (1): Solarwinds
Products (1): Kiwi Syslog Server
Updated: Nov 21, 2024
Published: Oct 25, 2021
CVSS: N/A · v4, 6.7 MEDIUM · v3, 4.6 MEDIUM · v2
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".

Vendors (1): Akamai
Products (1): Enterprise Application Access
Updated: Nov 21, 2024
Published: Oct 4, 2021
CVSS: N/A · v4, 7.8 HIGH · v3, 4.4 MEDIUM · v2
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.

Vendors (1): Zscaler
Products (1): Client Connector
Updated: Nov 21, 2024
Published: Jul 15, 2021
CVSS: N/A · v4, 7.8 HIGH · v3, 7.2 HIGH · v2
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.