Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-428

CWE-428

Unquoted Search Path or Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

427 vulnerabilities with CWE-428

CVE-2020-36933 HIGH

HTC IPTInstaller 4.0.9 - Code Injection

CVE-2020-36930 HIGH

SysGauge Server 7.9.18 - Code Injection

CVE-2020-36929 HIGH

Brother BRPrint Auditor 3.0.7 - Code Injection

CVE-2020-36928 HIGH

Brother BRAgent 1.38 - Code Injection

CVE-2020-36927 HIGH

DiskPulse Enterprise 13.6.14 - Code Injection

CVE-2020-36903 HIGH

Selea CarPlateServer 4.0.1.6 - Privilege Escalation

CVE-2020-36879 HIGH

Flexsense DiskBoss 11.7.28 - Privilege Escalation

CVE-2020-24682 HIGH

B&R Industrial Automation <4.9.4 - Privilege Escalation

CVE-2020-14521 HIGH

Mitsubishi Electric Factory Automation - Code Injection

CVE-2020-11632 HIGH

Zscaler Client Connector <2.1.2.150 - Code Injection

CVE-2020-22809 HIGH

Windscribe <v1.83 Build 20 - Privilege Escalation

CVE-2020-35152 MEDIUM

Cloudflare WARP for Windows <1.2.2695.1 - Privilege Escalation

CVE-2020-5147 MEDIUM

SonicWall NetExtender <10.2.300 - Privilege Escalation

CVE-2020-27645 HIGH

1E Client <5.0.0.745 - Privilege Escalation

CVE-2020-27644 HIGH

1E Client 5.0.0.745 - Privilege Escalation

CVE-2020-28209 HIGH

EcoStruxure Building Operation <3.1 - Privilege Escalation

CVE-2020-7331 HIGH

McAfee Endpoint Security < 10.6.1 - Unquoted Service Path Denial of Service and Malicious File Execution

CVE-2020-15261 HIGH

Veyon Service <4.4.2 - Privilege Escalation

CVE-2020-7316 MEDIUM

McAfee File and Removable Media Protection < 5.3.0 - Unquoted Service Path Privilege Escalation

CVE-2020-10051 HIGH

SIMATIC RTLS Locating Manager <V2.10.2 - Command Injection

CVE-2020-7382 MEDIUM

Rapid7 Nexpose <6.6.40 - Buffer Overflow

CVE-2020-8326 HIGH

Lenovo Drivers Management <2.7.1128.1046 - Privilege Escalation

CVE-2020-7581 MEDIUM

SIMATIC Notifier Server - Unquoted Search Path or Element

CVE-2020-7580 MEDIUM

SIMATIC Automation Tool < V4 SP2 - Unquoted Search Path or Element

CVE-2020-8337 MEDIUM

Synaptics Smart Audio <1.0.83.0 - Code Injection

Previous Page 13 of 18 Next

Details

Vulnerabilities 427

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy