CWE-428— Unquoted Search Path or Element
192 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-428page 1 of 4
- CVE-2012-0945MEDIUMCVSS 4.9EG 4.92020-01-15
whoopsie-daisy before 0.1.26: Root user can remove arbitrary files
- CVE-2013-1609HIGHCVSS 7.82013-03-26
Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain pri…
- CVE-2016-15003MEDIUMCVSS 6.3EG 7.82022-07-18
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation…
- CVE-2017-1000475HIGHCVSS 7.82018-01-24
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
- CVE-2017-11672HIGHCVSS 7.82018-06-13
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
- CVE-2017-14030HIGHCVSS 7.82018-01-12
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
- CVE-2017-3141HIGHCVSS 7.22019-01-16
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9…
- CVE-2017-6015HIGHCVSS 7.82018-05-11
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, …
- CVE-2018-10619HIGHCVSS 7.82018-06-07
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat act…
- CVE-2018-11063HIGHCVSS 7.82018-08-10
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentia…
- CVE-2018-14789MEDIUMCVSS 6.72018-08-22
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary co…
- CVE-2018-16098HIGHCVSS 7.82019-01-24
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
- CVE-2018-16183HIGHCVSS 7.82019-01-09
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow …
- CVE-2018-20341HIGHCVSS 7.82019-04-08
WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "" then the system w…
- CVE-2018-2406MEDIUMCVSS 5.32018-04-10
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
- CVE-2018-3668HIGHCVSS 7.82018-07-10
Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.
- CVE-2018-3683HIGHCVSS 7.82018-07-10
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
- CVE-2018-3684HIGHCVSS 7.82018-07-10
Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
- CVE-2018-3687HIGHCVSS 7.82018-07-10
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
- CVE-2018-3688HIGHCVSS 7.82018-07-10
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
- CVE-2018-4873HIGHCVSS 7.82018-05-19
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
- CVE-2018-5470HIGHCVSS 7.82018-03-26
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of pri…
- CVE-2018-6016HIGHCVSS 7.82018-03-12
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.
- CVE-2018-6321HIGHCVSS 7.82018-03-12
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
- CVE-2018-6384HIGHCVSS 7.8EG 7.82018-01-31
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.
- CVE-2019-11093MEDIUMCVSS 6.72019-05-17
Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-14685HIGHCVSS 7.8EG 7.82019-08-21
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
- CVE-2019-16647HIGHCVSS 7.2EG 7.22019-10-29
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
- CVE-2019-17658CRITICALCVSS 9.8EG 9.82020-03-12
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
- CVE-2019-18245HIGHCVSS 7.8EG 7.82019-12-11
Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application.
- CVE-2019-18915HIGHCVSS 7.8EG 7.82020-02-13
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system …
- CVE-2019-19705HIGHCVSS 7.8EG 7.82022-12-26
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.
- CVE-2019-20357HIGHCVSS 7.8EG 7.82020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate p…
- CVE-2019-20362HIGHCVSS 7.8EG 7.82020-01-08
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.
- CVE-2019-6008HIGHCVSS 7.8EG 7.82019-12-26
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (a…
- CVE-2019-6145MEDIUMCVSS 6.7EG 6.72019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable d…
- CVE-2019-6149MEDIUMCVSS 6.72019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
- CVE-2019-7201HIGHCVSS 7.8EG 7.82019-12-04
An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privi…
- CVE-2019-7487HIGHCVSS 7.8EG 7.82019-12-19
Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution.
- CVE-2019-7590MEDIUMCVSS 6.7EG 7.82019-07-19
ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the app…
- CVE-2019-8459CRITICALCVSS 9.8EG 9.82019-06-20
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of th…
- CVE-2020-0507MEDIUMCVSS 4.4EG 4.42020-03-12
Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2020-0546HIGHCVSS 7.8EG 7.82020-03-12
Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.
- CVE-2020-10051HIGHCVSS 7.8EG 7.82020-09-09
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local at…
- CVE-2020-11632HIGHCVSS 7.8EG 7.82021-07-15
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
- CVE-2020-13699HIGHCVSS 8.8EG 8.82020-07-29
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a v…
- CVE-2020-14049HIGHCVSS 7.5EG 7.52020-06-22
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or ca…
- CVE-2020-14521HIGHCVSS 8.3EG 9.82022-02-11
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of…
- CVE-2020-15261HIGHCVSS 8.0EG 8.02020-10-19
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon us…
- CVE-2020-1988MEDIUMCVSS 4.2EG 4.22020-04-08
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges.…
Map vulnerabilities like CWE-428 to your infrastructure
EchelonGraph correlates every CVE — across CWE-428 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →