CWE-428— Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.— MITRE CWE catalog
436 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-428page 1 of 9
- CVE-2012-0945MEDIUMCVSS 4.9EG 4.92020-01-15
whoopsie-daisy before 0.1.26: Root user can remove arbitrary files
- CVE-2013-1609HIGHCVSS 7.8EG 7.82013-03-26
Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain pri…
- CVE-2014-0759MEDIUMCVSS 5.9EG 5.92014-02-28
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that …
- CVE-2014-5455MEDIUMCVSS 5.3EG 0.02014-08-25
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMD…
- CVE-2016-15003MEDIUMCVSS 6.3EG 7.82022-07-18
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation…
- CVE-2016-20055HIGHCVSS 7.8EG 7.82026-04-04
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path …
- CVE-2016-20056HIGHCVSS 7.8EG 7.82026-04-04
Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable…
- CVE-2016-20057HIGHCVSS 7.8EG 7.82026-04-04
NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious ex…
- CVE-2016-20058HIGHCVSS 7.8EG 7.82026-04-04
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in th…
- CVE-2016-20059HIGHCVSS 7.8EG 7.82026-04-04
IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted s…
- CVE-2016-20060HIGHCVSS 7.8EG 7.82026-04-04
Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service pat…
- CVE-2016-20061HIGHCVSS 7.8EG 7.82026-04-04
sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquot…
- CVE-2016-20085HIGHCVSS 7.8EG 7.82026-06-19
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable fi…
- CVE-2016-20086HIGHCVSS 7.8EG 7.82026-06-19
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path…
- CVE-2016-20087HIGHCVSS 7.8EG 7.82026-06-19
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the syst…
- CVE-2016-20088HIGHCVSS 7.8EG 7.82026-06-19
Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitr…
- CVE-2016-20089HIGHCVSS 7.8EG 7.82026-06-19
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, a…
- CVE-2016-20090HIGHCVSS 7.8EG 7.82026-06-19
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable …
- CVE-2016-20091HIGHCVSS 7.8EG 7.82026-06-19
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted pa…
- CVE-2016-20092HIGHCVSS 7.8EG 7.82026-06-19
NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system r…
- CVE-2016-20093HIGHCVSS 7.8EG 7.82026-06-19
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can…
- CVE-2016-20094HIGHCVSS 7.8EG 7.82026-06-19
AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root pa…
- CVE-2016-20095HIGHCVSS 7.8EG 7.82026-06-19
Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers ca…
- CVE-2017-1000475HIGHCVSS 7.8EG 7.82018-01-24
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
- CVE-2017-11672HIGHCVSS 7.8EG 7.82018-06-13
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
- CVE-2017-14030HIGHCVSS 7.8EG 7.82018-01-12
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
- CVE-2017-20218HIGHCVSS 7.8EG 7.82026-03-16
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improp…
- CVE-2017-3141HIGHCVSS 7.2EG 7.82019-01-16
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9…
- CVE-2017-6015HIGHCVSS 7.8EG 7.82018-05-11
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, …
- CVE-2018-10619HIGHCVSS 7.8EG 7.82018-06-07
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat act…
- CVE-2018-11063HIGHCVSS 7.8EG 7.82018-08-10
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentia…
- CVE-2018-14789MEDIUMCVSS 6.7EG 6.72018-08-22
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary co…
- CVE-2018-16098HIGHCVSS 7.8EG 7.82019-01-24
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
- CVE-2018-16183HIGHCVSS 7.8EG 7.82019-01-09
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow …
- CVE-2018-20341HIGHCVSS 7.8EG 7.82019-04-08
WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "" then the system w…
- CVE-2018-2406MEDIUMCVSS 5.3EG 5.32018-04-10
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
- CVE-2018-3668HIGHCVSS 7.8EG 7.82018-07-10
Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.
- CVE-2018-3683HIGHCVSS 7.8EG 7.82018-07-10
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
- CVE-2018-3684HIGHCVSS 7.8EG 7.82018-07-10
Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
- CVE-2018-3687HIGHCVSS 7.8EG 7.82018-07-10
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
- CVE-2018-3688HIGHCVSS 7.8EG 7.82018-07-10
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
- CVE-2018-4873HIGHCVSS 7.8EG 7.82018-05-19
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
- CVE-2018-5470HIGHCVSS 7.8EG 7.82018-03-26
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of pri…
- CVE-2018-6016HIGHCVSS 7.8EG 7.82018-03-12
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.
- CVE-2018-6321HIGHCVSS 7.8EG 7.82018-03-12
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
- CVE-2018-6384HIGHCVSS 7.8EG 7.82018-01-31
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.
- CVE-2019-11093MEDIUMCVSS 6.7EG 6.72019-05-17
Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-14685HIGHCVSS 7.8EG 7.82019-08-21
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
- CVE-2019-16647HIGHCVSS 7.2EG 7.22019-10-29
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
- CVE-2019-17658CRITICALCVSS 9.8EG 9.82020-03-12
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
Map vulnerabilities like CWE-428 to your infrastructure
EchelonGraph correlates every CVE — across CWE-428 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →