Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-428

CWE-428

Unquoted Search Path or Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

427 vulnerabilities with CWE-428

CVE-2020-9292 CRITICAL

FortiSIEM Windows Agent - Privilege Escalation

CVE-2020-5569 HIGH

HDD Password tool <1.20.6620 - Path Traversal

CVE-2020-7275 MEDIUM

McAfee ENS <10.7.0 - Code Injection

CVE-2020-8327 HIGH

Lenovo Vantage <10.2003.10.0 - Privilege Escalation

CVE-2020-1988 MEDIUM

Palo Alto Networks GlobalProtect Agent <5.0.5-4.1.13 - Privilege Es...

CVE-2020-0546 HIGH

Intel Optane DC Persistent Memory Mod... - Denial of Service

CVE-2020-0507 MEDIUM

Intel Graphics Driver < 15.33.49.5100 - Authenticated Denial of Service via Unquoted Service Path

CVE-2020-7252 MEDIUM

McAfee Data eXchange Layer < 6.0.0 - Unquoted Service Path Arbitrary Code Execution

CVE-2019-25345 HIGH

Realtek IIS Codec Service 6.4.10041.133 - Code Injection

CVE-2019-25310 HIGH

ActiveFax Server <6.92 Build 0316 - Code Injection

CVE-2019-25309 HIGH

Zilab Remote Console Server 3.2.9 - Privilege Escalation

CVE-2019-25308 HIGH

Mikogo <5.2.2.150317 - Code Injection

CVE-2019-25307 HIGH

WorkgroupMail 7.5.1 - Code Injection

CVE-2019-25306 HIGH

BlackMoon FTP Server 3.1.2.1731 - Privilege Escalation

CVE-2019-25305 HIGH

JumpStart 0.6.0.0 - Unquoted Service Path Privilege Escalation via jswpbapi Service

CVE-2019-25304 HIGH

SecurOS Enterprise 10.2 - Privilege Escalation

CVE-2019-25302 HIGH

Acer Launch Manager 6.1.7600.16385 - Privilege Escalation

CVE-2019-25293 HIGH

BlueStacks App Player 2.4.44.62.57 - Local Privilege Escalation

CVE-2019-25292 HIGH

Alps HID Monitor Service 8.1.0.10 - Code Injection

CVE-2019-25266 HIGH

Wondershare Application Framework Service 2.4.3.231 - Code Injection

CVE-2019-25288 HIGH

Wacom WTabletService 6.6.7-3 - Code Injection

CVE-2019-25287 HIGH

Adaware Web Companion 4.8.2078.3950 - Code Injection

CVE-2019-25286 HIGH

GCaf 3.0 - Unquoted Service Path in gbClientService

CVE-2019-25285 HIGH

Alps Pointing-device Controller 8.1202.1711.04 - Code Injection

CVE-2019-25283 HIGH

Shrew Soft VPN Client 2.2.2 - Privilege Escalation

Previous Page 14 of 18 Next

Details

Vulnerabilities 427

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy