Exploitdb Exploits
31,341 exploits tracked across all sources.
ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)
by LiquidWorm
ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure
by LiquidWorm
Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
by Ceylan BOZOĞULLARINDAN
VIVE Runtime Service 1.0.0.4 - Code Injection
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access during service startup.
by Faisal Alasmari
CVSS 8.4
Tdarr 2.00.15 - RCE
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication.
by Sam Smith
CVSS 9.8
WOW21 5.0.1.9 - Code Injection
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
by Antonio Cuomo
CVSS 7.8
Sandboxie-Plus 5.50.2 - Code Injection
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by Antonio Cuomo
CVSS 8.4
BattlEye v0.9 - Privilege Escalation
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 7.8
Sony PlayMemories Home v6.0 - Privilege Escalation
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 6.7
McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege
by Saud Alenazi
Cobian Backup 0.9 - Privilege Escalation
Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.
by Hejap Zairy Al-Sharif
CVSS 7.8
Wondershare Dr.Fone 12.0.18 - Code Injection
Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.
by Mohamed Alzhrani
CVSS 8.4
Private Internet Access <3.3 - Code Injection
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
by Saud Alenazi
CVSS 8.4
Foxit PDF Reader 11.0 - Unquoted Service Path
by Hejap Zairy Al-Sharif
ZyXEL ZyWALL 2 Plus - XSS
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
by Momen Eldawakhly
CVSS 6.1
WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.
by Momen Eldawakhly
CVSS 9.8
Cobian Backup Gravity 11.2.0.582 - Code Injection
Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute with LocalSystem privileges during service startup.
by Luis Martínez
CVSS 8.4
Cipi 3.1.15 - XSS
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.
by Ghuliev
CVSS 5.4
Wondershare MirrorGo 2.0.11.346 - Privilege Escalation
Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges.
by Luis Martínez
CVSS 8.4
aaPanel v6.8.21 - Path Traversal
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).
by Ghuliev
CVSS 6.5
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
by Amel BOUZIANE-LEBLOND
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
by Antonio Cuomo
By Source