Alan Mondragon

5 exploits Active since Jan 2026
CVE-2021-47868 EXPLOITDB HIGH text WRITEUP
WIN-PACK PRO 4.8 - Privilege Escalation
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions.
CVSS 7.8
CVE-2021-47867 EXPLOITDB HIGH text WRITEUP
WIN-PACK PRO4.8 - Privilege Escalation
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup.
CVSS 7.8
CVE-2021-47866 EXPLOITDB HIGH text WRITEUP
WIN-PACK PRO 4.8 - Privilege Escalation
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code that would execute during service startup.
CVSS 7.8
CVE-2021-47861 EXPLOITDB HIGH text WRITEUP
Event Log Explorer 4.9.3 - Privilege Escalation
Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be executed with LocalSystem account privileges during service startup.
CVSS 7.8
EIP-2026-117896 EXPLOITDB text WRITEUP
SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path