Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-428

CWE-428

Unquoted Search Path or Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

427 vulnerabilities with CWE-428

CVE-2021-43456 HIGH

Rumble Mail Server 0.51.3135 - Buffer Overflow

CVE-2021-43455 HIGH

freelan 2.2 - Unquoted Service Path

CVE-2021-43454 HIGH

AnyTXT Searcher <1.2.394 - Buffer Overflow

CVE-2021-45819 MEDIUM

Wordline HIDCCEMonitorSVC <5.2.4.3 - Privilege Escalation

CVE-2021-46368 HIGH

TRIGONE Remote System Monitor <3.61 - Privilege Escalation

CVE-2021-29218 MEDIUM

HPE Agentless Mgmt Svcs <1.44.0.0 - Privilege Escalation

CVE-2021-45460 HIGH

SICAM PQ Analyzer Firmware < 3.18 - Unquoted Service Path Hijacking

CVE-2021-25269 MEDIUM

Sophos Intercept X Advanced <2.0.23 - Privilege Escalation

CVE-2021-23197 MEDIUM

Gallagher Command Centre <8.50.2048 - RCE

CVE-2021-33095 HIGH

Intel(R) NUC M15 Laptop Kit Keyboard LED Service <1.0.0.4 - Privile...

CVE-2021-42563 HIGH

NI Service Locator <18.0 - Privilege Escalation

CVE-2021-35231 MEDIUM

Kiwi Syslog Server - Privilege Escalation

CVE-2021-40683 HIGH

Akamai EAA Client <2.3.1-2.5.3 - Path Traversal

CVE-2021-35056 MEDIUM

Unisys Stealth <5.1.025.0, <6.0.055.0 - Info Disclosure

CVE-2021-35469 HIGH

Lexmark Printer Software - Privilege Escalation

CVE-2021-0112 HIGH

Intel Unite(R) Client <4.2.25031 - Privilege Escalation

CVE-2021-31776 HIGH

Aviatrix VPN Client < 2.14.14 - Local Privilege Escalation via Unquoted Search Path

CVE-2021-31553 MEDIUM

MediaWiki < 1.35.2 - Denial of Service via CheckUser Extension Username Handling

CVE-2021-27608 HIGH

SAPSetup <9.0 - Privilege Escalation

CVE-2021-23879 MEDIUM

McAfee Endpoint Product Removal <21.2 - RCE

CVE-2021-21292 MEDIUM

Traccar <4.12 - Privilege Escalation

CVE-2020-37247 HIGH

Kite 4.2.0.1 U1 Unquoted Service Path Privilege Escalation

CVE-2020-37232 HIGH

Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation

CVE-2020-37231 HIGH

Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation

CVE-2020-37230 HIGH

Syncplify.me Server! 5.0.37 Unquoted Service Path Privilege Escalation

Previous Page 10 of 18 Next

Details

Vulnerabilities 427

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy