CWE-428
AllowedUnquoted Search Path or Element
Abstraction: Base · Status: Draft
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
761 vulnerabilities reference this CWE, most recent first.
CVE-2016-20087 (GCVE-0-2016-20087)
Vulnerability from cvelistv5 – Published: 2026-06-19 14:16 – Updated: 2026-06-22 16:39- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40461 | exploit |
| http://www.networkdls.com/ | product |
| http://www.networkdls.com/Software/View/Fortitude_HTTP | product |
| https://www.vulncheck.com/advisories/fortitude-ht… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Networkdls | Fortitude HTTP |
Affected:
1.0.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20087",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:38:12.862948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:39:43.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortitude HTTP",
"vendor": "Networkdls",
"versions": [
{
"status": "affected",
"version": "1.0.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tulpa"
}
],
"datePublic": "2016-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T14:16:42.453Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40461",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40461"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.networkdls.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.networkdls.com/Software/View/Fortitude_HTTP"
},
{
"name": "VulnCheck Advisory: Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/fortitude-http-unquoted-service-path-elevation-of-privilege"
}
],
"title": "Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20087",
"datePublished": "2026-06-19T14:16:42.453Z",
"dateReserved": "2026-06-19T13:16:24.466Z",
"dateUpdated": "2026-06-22T16:39:43.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20086 (GCVE-0-2016-20086)
Vulnerability from cvelistv5 – Published: 2026-06-19 14:16 – Updated: 2026-06-22 12:55- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40582 | exploit |
| https://www.vulncheck.com/advisories/vembu-storeg… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Vembu | Vembu StoreGrid |
Affected:
4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T12:55:01.326832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T12:55:18.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Vembu StoreGrid",
"vendor": "Vembu",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joey Lane"
}
],
"datePublic": "2016-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T14:16:41.759Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40582",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40582"
},
{
"name": "VulnCheck Advisory: Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vembu-storegrid-unquoted-service-path-privilege-escalation"
}
],
"title": "Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20086",
"datePublished": "2026-06-19T14:16:41.759Z",
"dateReserved": "2026-06-19T13:14:57.984Z",
"dateUpdated": "2026-06-22T12:55:18.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20085 (GCVE-0-2016-20085)
Vulnerability from cvelistv5 – Published: 2026-06-19 14:16 – Updated: 2026-07-15 01:23- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40587 | exploit |
| https://www.vulncheck.com/advisories/realtek-high… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Realtek High Definition Audio Driver |
Affected:
6.0.1.6730
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20085",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T15:08:13.185724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T15:08:22.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Realtek High Definition Audio Driver",
"vendor": "Realtek",
"versions": [
{
"status": "affected",
"version": "6.0.1.6730"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:realtek_high_definition_audio_driver:6.0.1.6730:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joey Lane"
}
],
"datePublic": "2016-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:23:22.810Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40587",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40587"
},
{
"name": "VulnCheck Advisory: Realtek High Definition Audio Driver 6.0.1.6730 Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/realtek-high-definition-audio-driver-privilege-escalation"
}
],
"title": "Realtek High Definition Audio Driver 6.0.1.6730 Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20085",
"datePublished": "2026-06-19T14:16:41.065Z",
"dateReserved": "2026-06-19T13:13:17.950Z",
"dateUpdated": "2026-07-15T01:23:22.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20061 (GCVE-0-2016-20061)
Vulnerability from cvelistv5 – Published: 2026-04-04 13:51 – Updated: 2026-04-06 15:41- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40497 | exploit |
| http://sheedantivirus.ir/ | product |
| http://dl.sheedantivirus.ir/setup.exe | product |
| https://www.vulncheck.com/advisories/sheed-antivi… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sheedantivirus | sheed AntiVirus |
Affected:
2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20061",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:40:54.066327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:41:08.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sheed AntiVirus",
"vendor": "Sheedantivirus",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir.ght"
}
],
"datePublic": "2016-11-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T19:59:49.616Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40497",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40497"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://sheedantivirus.ir/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://dl.sheedantivirus.ir/setup.exe"
},
{
"name": "VulnCheck Advisory: sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sheed-antivirus-unquoted-service-path-privilege-escalation"
}
],
"title": "sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20061",
"datePublished": "2026-04-04T13:51:05.616Z",
"dateReserved": "2026-04-04T13:43:24.884Z",
"dateUpdated": "2026-04-06T15:41:08.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20060 (GCVE-0-2016-20060)
Vulnerability from cvelistv5 – Published: 2026-04-04 13:51 – Updated: 2026-04-06 13:29- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40528 | exploit |
| https://www.hotspotshield.com | product |
| https://www.hotspotshield.com/download/ | product |
| https://www.vulncheck.com/advisories/hotspot-shie… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Hotspotshield | Hotspot Shield |
Affected:
6.0.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20060",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T13:28:36.678248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T13:29:02.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hotspot Shield",
"vendor": "Hotspotshield",
"versions": [
{
"status": "affected",
"version": "6.0.3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pango:hotspot_shield:6.0.3:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir.ght"
}
],
"datePublic": "2016-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious code executes with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T19:59:48.853Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40528",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40528"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.hotspotshield.com"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://www.hotspotshield.com/download/"
},
{
"name": "VulnCheck Advisory: Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hotspot-shield-unquoted-service-path-privilege-escalation"
}
],
"title": "Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20060",
"datePublished": "2026-04-04T13:51:04.326Z",
"dateReserved": "2026-04-04T13:43:09.305Z",
"dateUpdated": "2026-04-06T13:29:02.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20059 (GCVE-0-2016-20059)
Vulnerability from cvelistv5 – Published: 2026-04-04 13:51 – Updated: 2026-04-06 15:28- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40525 | exploit |
| http://www.iobit.com/en/index.php | product |
| http://www.iobit.com/downloadcenter.php?product=m… | product |
| https://www.vulncheck.com/advisories/iobit-malwar… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Iobit | IObit Malware Fighter |
Affected:
4.3.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20059",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:20:09.817311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:28:43.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IObit Malware Fighter",
"vendor": "Iobit",
"versions": [
{
"status": "affected",
"version": "4.3.1"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:4.3.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:11.0.0.1274:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:9.4.0.776:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:9.2:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:8.0.2.547:*:*:*:-:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:8.0.2.547:*:*:*:pro:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:4.0.3.22:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:4.2.02425:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:4.5.03457:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:malware_fighter:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir.ght"
}
],
"datePublic": "2016-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T19:59:48.106Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40525",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40525"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.iobit.com/en/index.php"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.iobit.com/downloadcenter.php?product=malware-fighter-free"
},
{
"name": "VulnCheck Advisory: IObit Malware Fighter 4.3.1 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/iobit-malware-fighter-unquoted-service-path-privilege-escalation"
}
],
"title": "IObit Malware Fighter 4.3.1 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20059",
"datePublished": "2026-04-04T13:51:02.758Z",
"dateReserved": "2026-04-04T13:42:51.909Z",
"dateUpdated": "2026-04-06T15:28:43.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20058 (GCVE-0-2016-20058)
Vulnerability from cvelistv5 – Published: 2026-04-04 13:51 – Updated: 2026-04-06 17:52- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40540 | exploit |
| http://www.netgate.sk/ | product |
| http://www.netgate.sk/download/download.php?id=11 | product |
| https://www.vulncheck.com/advisories/netgate-amit… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Netgate | NETGATE AMITI Antivirus |
Affected:
23.0.305
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20058",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T17:51:28.349035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T17:52:16.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NETGATE AMITI Antivirus",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "23.0.305"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir.ght"
}
],
"datePublic": "2016-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T19:59:47.374Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40540",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40540"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.netgate.sk/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.netgate.sk/download/download.php?id=11"
},
{
"name": "VulnCheck Advisory: Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-amiti-antivirus-build-unquoted-service-path-privilege-escalation"
}
],
"title": "Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20058",
"datePublished": "2026-04-04T13:51:01.284Z",
"dateReserved": "2026-04-04T13:41:12.280Z",
"dateUpdated": "2026-04-06T17:52:16.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20057 (GCVE-0-2016-20057)
Vulnerability from cvelistv5 – Published: 2026-04-04 13:51 – Updated: 2026-04-06 16:43- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40539 | exploit |
| http://www.netgate.sk/ | product |
| http://www.netgate.sk/download/download.php?id=4 | product |
| https://www.vulncheck.com/advisories/netgate-regi… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Netgate | NETGATE Registry Cleaner |
Affected:
16.0.205
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20057",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:42:55.347087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:43:10.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NETGATE Registry Cleaner",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "16.0.205"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir.ght"
}
],
"datePublic": "2016-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T19:59:46.492Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40539",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40539"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.netgate.sk/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.netgate.sk/download/download.php?id=4"
},
{
"name": "VulnCheck Advisory: NETGATE Registry Cleaner build 16.0.205 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-registry-cleaner-build-unquoted-service-path-privilege-escalation"
}
],
"title": "NETGATE Registry Cleaner build 16.0.205 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20057",
"datePublished": "2026-04-04T13:51:00.540Z",
"dateReserved": "2026-04-04T13:39:28.719Z",
"dateUpdated": "2026-04-06T16:43:10.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20056 (GCVE-0-2016-20056)
Vulnerability from cvelistv5 – Published: 2026-04-04 13:50 – Updated: 2026-04-06 18:02- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40550 | exploit |
| http://www.spy-emergency.com/ | product |
| http://www.spy-emergency.com/download/download.php?id=1 | product |
| https://www.vulncheck.com/advisories/spy-emergenc… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Spy-Emergency | Spy Emergency |
Affected:
23.0.205
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20056",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T17:53:56.666497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T18:02:54.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spy Emergency",
"vendor": "Spy-Emergency",
"versions": [
{
"status": "affected",
"version": "23.0.205"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir.ght"
}
],
"datePublic": "2016-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T19:59:45.733Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40550",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40550"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.spy-emergency.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.spy-emergency.com/download/download.php?id=1"
},
{
"name": "VulnCheck Advisory: Spy Emergency build 23.0.205 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/spy-emergency-build-unquoted-service-path-privilege-escalation"
}
],
"title": "Spy Emergency build 23.0.205 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20056",
"datePublished": "2026-04-04T13:50:59.759Z",
"dateReserved": "2026-04-04T13:38:36.937Z",
"dateUpdated": "2026-04-06T18:02:54.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20055 (GCVE-0-2016-20055)
Vulnerability from cvelistv5 – Published: 2026-04-04 13:50 – Updated: 2026-04-06 15:42- CWE-428 - Unquoted Search Path or Element
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40577 | exploit |
| http://www.iobit.com/en/index.php | product |
| http://www.iobit.com/en/advancedsystemcarefree.php# | product |
| https://www.vulncheck.com/advisories/iobit-advanc… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Iobit | IObit Advanced SystemCare |
Affected:
10.0.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:42:13.062815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:42:28.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IObit Advanced SystemCare",
"vendor": "Iobit",
"versions": [
{
"status": "affected",
"version": "10.0.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iobit:advanced_systemcare_ultimate:10.0.2:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:advanced_systemcare_ultimate:17.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:advanced_systemcare_ultimate:-:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:advanced_systemcare_ultimate:14.2.0.220:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iobit:advanced_systemcare:15:*:*:*:free:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:advanced_systemcare:15:*:*:*:pro:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:advanced_systemcare:13.2:*:*:*:*:windows:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iobit:advanced_systemcare:13.5.0.263:*:*:*:free:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ashiyane Digital Security Team"
}
],
"datePublic": "2016-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T19:59:44.948Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40577",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40577"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.iobit.com/en/index.php"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.iobit.com/en/advancedsystemcarefree.php#"
},
{
"name": "VulnCheck Advisory: IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/iobit-advanced-systemcare-unquoted-service-path-privilege-escalation"
}
],
"title": "IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20055",
"datePublished": "2026-04-04T13:50:59.001Z",
"dateReserved": "2026-04-04T13:37:50.146Z",
"dateUpdated": "2026-04-06T15:42:28.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Properly quote the full search path before executing a program on the system.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.