Search Results (457 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-37037 1 Avast 2 Secureline, Secureline Vpn 2026-04-15 7.8 High
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.
CVE-2020-37045 1 Veritas 2 Netbackup, Netbackup Firmware 2026-04-15 7.8 High
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
CVE-2020-37047 1 Deepinstinct 1 Windows Agent 2026-04-15 7.8 High
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
CVE-2020-37048 1 Iskysoft 1 Application Framework Service 2026-04-15 7.8 High
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
CVE-2020-37055 1 Enigmasoftware 1 Spyhunter 2026-04-15 7.8 High
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
CVE-2020-37058 1 Andrea Electronics 1 Andrea St Filters Service 2026-04-15 7.8 High
Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup.
CVE-2020-37059 2 Getpopcorntime, Popcorn Time Project 2 Popcorn Time, Popcorn Time 2026-04-15 7.8 High
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup.
CVE-2020-37060 1 Drive-software 1 Atomic Alarm Clock X86 2026-04-15 7.8 High
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access.
CVE-2020-37061 1 Weird Solutions 1 Bootpturbo 2026-04-15 7.8 High
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
CVE-2020-37062 1 Weird Solutions 1 Dhcp Turbo 2026-04-15 7.8 High
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
CVE-2020-37063 1 Weird Solutions 1 Tftp Turbo 2026-04-15 7.8 High
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
CVE-2020-37064 1 Epson 1 Easymp 2026-04-15 7.8 High
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
CVE-2020-37098 1 Disksorter 1 Disk Sorter 2026-04-15 7.8 High
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
CVE-2020-37099 1 Disksavvy 1 Disksavvy Enterprise 2026-04-15 7.8 High
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.
CVE-2020-37101 2 Keepsolid, Vpnunlimitedapp 2 Vpn Unlimited, Vpn Unlimited 2026-04-15 7.8 High
VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\VPN Unlimited\' to replace the service executable and gain elevated system privileges.
CVE-2020-37102 2 Codeworkweb, Lavasoft 2 Cww Companion, Web Companion 2026-04-15 7.8 High
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVE-2022-50688 1 Cobiansoft 1 Cobian Backup 2026-04-15 8.4 High
Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute with LocalSystem privileges during service startup.
CVE-2023-53912 2 Malwarebytes, Microsoft 2 Binosoft Usb Flash Drives Control, Windows 2026-04-15 6.2 Medium
USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems.
CVE-2023-53946 1 Arcsoft 1 Photostudio 2026-04-15 8.4 High
Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.
CVE-2023-53947 1 Ocsinventory-ng 2 Ocs Inventory Ng, Ocsinventory Ng 2026-04-15 8.4 High
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.