Text Exploits
31,386 exploits tracked across all sources.
BlueStacks 2.5.55 - Unquoted Service Path Privilege Escalation
by Th3GundY
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)
by Besim
Comodo Dragon Browser 52.15.25.663 Privilege Escalation via Unquoted Service Path
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
by Th3GundY
CVSS 7.8
Comodo Chromodo Browser 52.15.25.664 Unquoted Service Path Privilege Escalation
Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
by Th3GundY
CVSS 7.8
PHP Classifieds Rental Script - Blind SQL Injection
by OoN_Boy
Exagate WEBPack Management System - Multiple Vulnerabilities
by Halil Dalabasmaz
Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot.
by Tulpa
CVSS 7.8
Abyss Web Server X1 2.11.1 - Unquoted Service Path Privilege Escalation
by Tulpa
Cisco Firepower Management Center 6.0.1 - Info Disclosure
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
by KoreLogic
CVSS 7.8
Cisco Firepower Mgmt Cntr <6.0.1 - RCE
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
by KoreLogic
CVSS 8.8
Cisco Firepower Management Center 6.0.1 - Info Disclosure
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
by KoreLogic
CVSS 6.5
Windows Firewall Control 4.8.6.0 Unquoted Service Path Privilege Escalation
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.
by zaeek
CVSS 7.8
Apache Tomcat on Ubuntu Log Init Privilege Escalation
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
by Dawid Golunski
CVSS 7.8
Google Android - Insufficient Binder Message Verification Pointer Leak
by Google Security Research
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation
by Tulpa
Glassfish Server - Unquoted Service Path Privilege Escalation
by s0nk3y
Symantec Messaging Gateway < 10.6.2 - Authenticated Path Traversal via ChartStream sn Parameter
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.
by R-73eN
CVSS 6.5
By Source