Exploitdb Exploits

31,341 exploits tracked across all sources.

CVE-2021-47804 EXPLOITDB HIGH text
Wise Care 365 <5.6.7.568 - Code Injection
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restarts.
by Julio Aviña
CVSS 7.8
CVE-2021-47803 EXPLOITDB HIGH text
iFunbox 4.2 - Code Injection
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restarts.
by Julio Aviña
CVSS 7.8
CVE-2021-37221 EXPLOITDB HIGH text
Customer Relationship Management System - Unrestricted File Upload
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option and customer create option, which could let a remote malicious user upload an arbitrary PHP file.
by Ishan Saha
CVSS 8.8
CVE-2021-35448 EXPLOITDB HIGH text VERIFIED
Emote Interactive Remote Mouse 3.008 - RCE
Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.
by Salman Asad
CVSS 7.8
EIP-2026-117416 EXPLOITDB text
Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path
by Julio Aviña
EIP-2026-112084 EXPLOITDB text
Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
by Riadh Benlamine
EIP-2026-107726 EXPLOITDB text
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
by Piyush Patil
EIP-2026-101255 EXPLOITDB text
Dlink DSL2750U - 'Reboot' Command Injection
by Mohammed Hadi
CVE-2021-47807 EXPLOITDB HIGH text
Sync Breeze 13.6.18 - Code Injection
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
CVE-2021-47806 EXPLOITDB HIGH text
Dup Scout 13.5.28 - Code Injection
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
CVE-2021-47805 EXPLOITDB HIGH text
Disk Savvy 13.6.14 - Code Injection
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges.
by Brian Rodriguez
CVSS 7.8
EIP-2026-118167 EXPLOITDB text
Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
by Ismael Nava
EIP-2026-118086 EXPLOITDB text
VX Search 13.5.28 - 'Multiple' Unquoted Service Path
by Brian Rodriguez
EIP-2026-112899 EXPLOITDB text
Unified Office Total Connect Now 1.0 - 'data' SQL Injection
by Ajaikumar Nadar
CVE-2021-47847 EXPLOITDB HIGH text
Disk Sorter Server 13.6.12 - Code Injection
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious executables and escalate privileges.
by BRushiran
CVSS 7.8
CVE-2021-47809 EXPLOITDB HIGH text
Disk Sorter Enterprise 13.6.12 - Code Injection
Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inject malicious executables and escalate privileges.
by BRushiran
CVSS 7.8
CVE-2021-47808 EXPLOITDB MEDIUM text
Cotonti Siena - XSS
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
by Fatih İLGİN
CVSS 5.4
CVE-2021-28424 EXPLOITDB MEDIUM text
Teachers Record Management System 1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
by nhattruong
CVSS 5.4
CVE-2021-28423 EXPLOITDB HIGH text
Teachers Record Management System <2.1 - SQL Injection
Multiple SQL injection vulnerabilities in Teachers Record Management System 1.0 through 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
by nhattruong
CVSS 8.8
CVE-2020-36927 EXPLOITDB HIGH text
DiskPulse Enterprise 13.6.14 - Code Injection
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
EIP-2026-105866 EXPLOITDB text
CKEditor 3 - Server-Side Request Forgery (SSRF)
by ahmed
CVE-2020-36930 EXPLOITDB HIGH text
SysGauge Server 7.9.18 - Code Injection
SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
CVE-2020-36929 EXPLOITDB HIGH text
Brother BRPrint Auditor 3.0.7 - Code Injection
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
by Brian Rodriguez
CVSS 7.8
CVE-2020-36928 EXPLOITDB HIGH text
Brother BRAgent 1.38 - Code Injection
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.
by Brian Rodriguez
CVSS 7.8
EIP-2026-114746 EXPLOITDB text
Client Management System 1.1 - 'Search' SQL Injection
by BHAVESH KAUL