Explore all Exploits:

Magic Mouse 2 utilities 2.20 – ‘magicmouse2service’ Unquoted Service Path

A vulnerability exists in Magic Mouse 2 utilities 2.20, where the 'magicmouse2service' service is installed with an unquoted service path. This could allow an authenticated local attacker to gain elevated privileges on the system.

Realtek Audio Service 1.0.0.55 – ‘RtkAudioService64.exe’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Realtek Andrea RT Filters 1.0.64.10 – ‘AERTSr64.EXE’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

DigitalPersona 4.5.0.2213 – ‘DpHostW’ Unquoted Service Path

DigitalPersona Pro 4.5.0.2213 has an unquoted service path vulnerability. It allows an attacker to gain elevated privileges on the system by exploiting the unquoted service path of the DpHostW.exe service.

Genexus Protection Server 9.6.4.2 – ‘protsrvservice’ Unquoted Service Path

Genexus Protection Server 9.6.4.2 has an unquoted service path vulnerability. It allows an attacker to gain elevated privileges on the system by exploiting the service path of the 'protsrvservice' service. The service path is not properly quoted, allowing an attacker to inject malicious code into the service path.

IPTInstaller 4.0.9 – ‘PassThru Service’ Unquoted Service Path

An unquoted service path vulnerability exists in IPTInstaller 4.0.9, which could allow an authenticated local attacker to gain elevated privileges on the system. The vulnerability is due to the application not properly quoting the path to the executable of the 'PassThru Service'. An attacker can exploit this vulnerability by placing a malicious executable in the same folder as the vulnerable service and then starting the service. This will result in the malicious executable being executed with SYSTEM privileges.

SuiteCRM 7.11.15 – ‘last_name’ Remote Code Execution (Authenticated)

A vulnerability in SuiteCRM 7.11.15 and below allows an authenticated user to execute arbitrary code. This is due to the lack of input validation on the 'last_name' parameter when creating a new user. An attacker can craft a malicious payload and inject it into the 'last_name' parameter, which will be written to a log file in the web root. The attacker can then trigger the log file to execute the malicious payload.

BlogEngine 3.3.8 – ‘Content’ Stored XSS

BlogEngine 3.3.8 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'Content' parameter of the 'api/posts' POST request. An attacker can inject malicious JavaScript code into the 'Content' parameter value, which will be executed when the post is viewed. This can be used to steal user session cookies, hijack user accounts, redirect users to malicious websites, etc.

Recent Exploits: