Vulnerabilities (CVE)

Filtered by CWE-428
Total 186 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31591 1 Sap 1 Businessobjects Bw Publisher Service 2024-02-28 4.6 MEDIUM 7.8 HIGH
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.
CVE-2022-36344 1 Justsystems 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more 2024-02-28 N/A 9.8 CRITICAL
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
CVE-2022-35292 1 Sap 1 Business One 2024-02-28 N/A 7.8 HIGH
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.
CVE-2016-15003 2 Filezilla-project, Microsoft 2 Filezilla Client, Windows 2024-02-28 N/A 7.8 HIGH
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-39959 2 Microsoft, Panini 2 Windows, Everest Engine 2024-02-28 N/A 7.8 HIGH
Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.
CVE-2022-33920 1 Dell 1 Geodrive 2024-02-28 N/A 7.8 HIGH
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
CVE-2022-35899 2 Asus, Microsoft 2 Aura Ready Game Software Development Kit, Windows 2024-02-28 N/A 7.8 HIGH
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
CVE-2022-36384 1 Intel 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more 2024-02-28 N/A 7.3 HIGH
Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-1697 1 Okta 1 Active Directory Agent 2024-02-28 N/A 3.9 LOW
Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.
CVE-2022-27905 1 Controlup 1 Controlup 2024-02-28 9.0 HIGH 7.2 HIGH
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
CVE-2022-27089 1 Fujitsu 1 Plugfree Network 2024-02-28 7.2 HIGH 7.8 HIGH
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
CVE-2022-27966 2 Microsoft, Netsarang 2 Windows, Xshell 2024-02-28 6.9 MEDIUM 6.5 MEDIUM
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
CVE-2022-2147 1 Cloudflare 1 Warp 2024-02-28 4.6 MEDIUM 7.8 HIGH
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
CVE-2022-25031 1 Rdpsoft 1 Remote Desktop Commander Suite Agent 2024-02-28 6.9 MEDIUM 7.8 HIGH
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2021-43454 1 Anytxt 1 Anytxt Searcher 2024-02-28 4.6 MEDIUM 7.8 HIGH
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path.
CVE-2022-27965 2 Microsoft, Netsarang 2 Windows, Xlpd 2024-02-28 6.9 MEDIUM 6.5 MEDIUM
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
CVE-2022-27095 1 Battleye 1 Battleye 2024-02-28 7.2 HIGH 7.8 HIGH
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2021-45819 1 Wordline 1 Hidccemonitorsvc 2024-02-28 7.2 HIGH 7.8 HIGH
Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27088 1 Ivanti 1 Dsm Remote 2024-02-28 4.6 MEDIUM 7.8 HIGH
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
CVE-2022-27963 2 Microsoft, Netsarang 2 Windows, Xftp 2024-02-28 6.9 MEDIUM 6.5 MEDIUM
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.