Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

CVEs (426)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-4873 1Adobe 1Creative Cloud Nov 21, 2024 May 19, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
CVE-2017-6015 1Rockwellautomation 1Factorytalk Activation Nov 21, 2024 May 11, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may al...Show more Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.Show less
CVE-2018-2406 1Sap 1Crystal Reports Server Nov 21, 2024 Apr 10, 2018 N/A· v4 5.3 MEDIUM· v3 4.6 MEDIUM· v2 Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
CVE-2018-5470 1Philips 1Intellispace Portal Nov 21, 2024 Mar 26, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate...Show more Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.Show less
CVE-2018-6321 1Pandasecurity 1Panda Global Protection Nov 21, 2024 Mar 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
CVE-2018-6016 110 Strike 1Network Monitor Nov 21, 2024 Mar 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.
CVE-2018-6384 1Nsclient 1Nsclient++ Nov 21, 2024 Jan 31, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %S...Show more Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.Show less
CVE-2017-1000475 1Freesshd 1Freesshd Nov 21, 2024 Jan 24, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
CVE-2017-14030 1Moxa 1Mxview Nov 21, 2024 Jan 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquot...Show more An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.Show less
CVE-2017-14019 1Progea 1Movicon May 13, 2026 Oct 19, 2017 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to ins...Show more An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges.Show less
CVE-2017-15383 1Nero 1Nero May 13, 2026 Oct 16, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.
CVE-2017-12730 1Myscada 1Mypro May 13, 2026 Oct 6, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated p...Show more An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.Show less
CVE-2017-13993 1I Sens 1Smartlog Diabetes Management Software May 13, 2026 Oct 5, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which c...Show more An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.Show less
CVE-2017-3757 1Emc 1Elan Touchpad Driver May 13, 2026 Aug 29, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to...Show more An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges.Show less
CVE-2017-9644 2Automatedlogic Carrier 3Automatedlogic Webctrl I VuSitescan Web May 13, 2026 Aug 25, 2017 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC We...Show more An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.Show less
CVE-2017-3751 1Lenovo 1Thinkpad Compact Usb Keyboard Driver May 13, 2026 Aug 10, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code...Show more An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.Show less
CVE-2017-9247 1Sierrawireless 3Sierra Wireless Em7345 Software Sierra Wireless Em7455 SoftwareSierra Wireless Location Sensor Driver May 13, 2026 Aug 2, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges.
CVE-2017-7180 1Eduiq 1Net Monitor For Employees May 13, 2026 Jun 8, 2017 N/A· v4 7.3 HIGH· v3 6.9 MEDIUM· v2 Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to pro...Show more Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.Show less
CVE-2017-3005 1Adobe 1Photoshop Cc May 13, 2026 Apr 12, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.
CVE-2017-5873 1Unisys 1Secure Partitioning May 13, 2026 Apr 11, 2017 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by pr...Show more Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.Show less

Previous 1...18 19 202122 Next