Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116911 EXPLOITDB text
BlueStacks 2.5.55 - Unquoted Service Path Privilege Escalation
by Th3GundY
EIP-2026-112130 EXPLOITDB text VERIFIED
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)
by Besim
EIP-2026-106891 EXPLOITDB text
Entrepreneur Job Portal Script 2.06 - SQL Injection
by OoN_Boy
CVE-2016-20090 EXPLOITDB HIGH text VERIFIED
Comodo Dragon Browser 52.15.25.663 Privilege Escalation via Unquoted Service Path
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
by Th3GundY
CVSS 7.8
CVE-2016-20088 EXPLOITDB HIGH text VERIFIED
Comodo Chromodo Browser 52.15.25.664 Unquoted Service Path Privilege Escalation
Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
by Th3GundY
CVSS 7.8
EIP-2026-110670 EXPLOITDB text VERIFIED
PHP Classifieds Rental Script - Blind SQL Injection
by OoN_Boy
EIP-2026-109514 EXPLOITDB text VERIFIED
MLM Unilevel Plan Script 1.0.2 - SQL Injection
by N4TuraL
EIP-2026-108939 EXPLOITDB text VERIFIED
Just Dial Clone Script - 'fid' SQL Injection
by OoN_Boy
EIP-2026-105356 EXPLOITDB text VERIFIED
B2B Portal Script - Blind SQL Injection
by OoN_Boy
EIP-2026-104972 EXPLOITDB text VERIFIED
Advance MLM Script - SQL Injection
by OoN_Boy
EIP-2026-101268 EXPLOITDB text
Exagate WEBPack Management System - Multiple Vulnerabilities
by Halil Dalabasmaz
CVE-2016-20087 EXPLOITDB HIGH text VERIFIED
Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot.
by Tulpa
CVSS 7.8
EIP-2026-116709 EXPLOITDB text VERIFIED
Abyss Web Server X1 2.11.1 - Unquoted Service Path Privilege Escalation
by Tulpa
EIP-2026-111268 EXPLOITDB text
Picosafe Web GUI - Multiple Vulnerabilities
by Shahab Shamsi
CVE-2016-6434 EXPLOITDB HIGH text
Cisco Firepower Management Center 6.0.1 - Info Disclosure
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
by KoreLogic
CVSS 7.8
CVE-2016-6433 EXPLOITDB HIGH text VERIFIED
Cisco Firepower Mgmt Cntr <6.0.1 - RCE
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
by KoreLogic
CVSS 8.8
CVE-2016-6435 EXPLOITDB MEDIUM text
Cisco Firepower Management Center 6.0.1 - Info Disclosure
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
by KoreLogic
CVSS 6.5
EIP-2026-109275 EXPLOITDB text
Mambo < 4.5.4 - SQL Injection
by GulfTech Security
CVE-2016-20091 EXPLOITDB HIGH text VERIFIED
Windows Firewall Control 4.8.6.0 Unquoted Service Path Privilege Escalation
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.
by zaeek
CVSS 7.8
EIP-2026-118449 EXPLOITDB text
DWebPro 8.4.2 - Multiple Vulnerabilities
by Tulpa
CVE-2016-1240 EXPLOITDB HIGH text VERIFIED
Apache Tomcat on Ubuntu Log Init Privilege Escalation
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
by Dawid Golunski
CVSS 7.8
EIP-2026-100029 EXPLOITDB text VERIFIED
Google Android - Insufficient Binder Message Verification Pointer Leak
by Google Security Research
EIP-2026-117681 EXPLOITDB text
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation
by Tulpa
EIP-2026-117240 EXPLOITDB text VERIFIED
Glassfish Server - Unquoted Service Path Privilege Escalation
by s0nk3y
CVE-2016-5312 EXPLOITDB MEDIUM text
Symantec Messaging Gateway < 10.6.2 - Authenticated Path Traversal via ChartStream sn Parameter
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.
by R-73eN
CVSS 6.5