Text Exploits

31,341 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112455 EXPLOITDB text
Student Record System 1.0 - 'cid' SQLi (Authenticated)
by Mohd. Anees
EIP-2026-112139 EXPLOITDB text
Simple Real Estate Portal System 1.0 - 'id' SQLi
by Mosaaed
EIP-2026-105031 EXPLOITDB text
Air Cargo Management System v1.0 - SQLi
by nu11secur1ty
CVE-2022-4982 EXPLOITDB HIGH text
DBLTek GoIP-1 <GHSFVT-1.1-67-5 - Local File Inclusion
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.
by Valtteri Lehtinen
CVE-2022-26634 EXPLOITDB HIGH text
HMA VPN <5.3.5913.0 - Privilege Escalation
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 7.8
EIP-2026-117492 EXPLOITDB text
Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
by Johto Robbie
CVE-2022-0557 EXPLOITDB HIGH text
Packagist microweber/microweber <1.2.11 - Command Injection
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
by Chetanya Sharma
CVSS 7.2
CVE-2022-25241 EXPLOITDB HIGH text
Filecloud < 21.3.0.18447 - CSRF
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).
by Masashi Fujiwara
CVSS 8.8
EIP-2026-105674 EXPLOITDB text
Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
by Alperen Ergel
EIP-2026-105673 EXPLOITDB text
Cab Management System 1.0 - 'id' SQLi (Authenticated)
by Alperen Ergel
CVE-2021-45092 EXPLOITDB CRITICAL text
Thinfinity VirtualUI <3.0 - Code Injection
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
by Daniel Morales
CVSS 9.8
CVE-2021-46354 EXPLOITDB HIGH text
Thinfinity VirtualUI <3.0 - Info Disclosure
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.
by Daniel Morales
CVSS 7.5
CVE-2022-50929 EXPLOITDB HIGH text
Connectify Hotspot 2018 - Code Injection
Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Connectify\ConnectifyService.exe' to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 8.4
CVE-2022-50928 EXPLOITDB HIGH text
BlueSoleilCS 5.4.277 - Code Injection
BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
CVE-2022-50904 EXPLOITDB HIGH text
Wondershare UBackit 2.0.5 - Code Injection
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
CVE-2022-50903 EXPLOITDB HIGH text
Wondershare MobileTrans 3.5.9 - Privilege Escalation
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
CVE-2022-50902 EXPLOITDB HIGH text
Wondershare FamiSafe 1.0 - Code Injection
Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious code that would run with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
CVE-2022-50901 EXPLOITDB HIGH text
Wondershare Dr.Fone 11.4.9 - Code Injection
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.
by Luis Martínez
CVSS 8.4
EIP-2026-118017 EXPLOITDB text
TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path
by SamAlucard
EIP-2026-117326 EXPLOITDB text
Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path
by SamAlucard
EIP-2026-117163 EXPLOITDB text
File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path
by SamAlucard
CVE-2022-0441 EXPLOITDB CRITICAL text
MasterStudy LMS <2.7.6 - Info Disclosure
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
by numan türle
CVSS 9.8
CVE-2021-43062 EXPLOITDB MEDIUM text
Fortinet FortiMail <7.0.1 - XSS
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
by Braiant Giraldo Villa
CVSS 6.1
CVE-2022-50931 EXPLOITDB HIGH text
TeamSpeak 3.5.6 - Local Privilege Escalation
TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.
by Aryan Chehreghani
CVSS 7.8
CVE-2022-50930 EXPLOITDB HIGH text
Emerson PAC Machine Edition 9.80 - Privilege Escalation
Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
By Source
All 31,341 Exploitdb 50,121 Writeup 46,692 Nomisec 21,135 Metasploit 3,189 Github 2,237 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,731 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 246 shell 68 go 41 postscript 25 xml 24