Text Exploits

31,341 exploits tracked across all sources.

CVE-2021-47880 EXPLOITDB HIGH text
Realtek Wireless LAN Utility 700.1631 - Privilege Escalation
Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.
by Luis Martínez
CVSS 7.8
CVE-2021-47879 EXPLOITDB HIGH text
eBeam Interactive Suite 3.6 - Privilege Escalation
eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.
by Luis Martínez
CVSS 7.8
CVE-2021-47878 EXPLOITDB HIGH text
eBeam Education Suite 2.5.0.9 - Code Injection
eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup.
by Luis Martínez
CVSS 7.8
EIP-2026-117806 EXPLOITDB text
QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path
by Luis Martínez
CVE-2021-26830 EXPLOITDB CRITICAL text
Tribalsystems Zenario < 8.8.53370 - SQL Injection
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
by Balaji Ayyasamy
CVSS 9.1
EIP-2026-111693 EXPLOITDB text
rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
by Murat ŞEKER
CVE-2021-27695 EXPLOITDB MEDIUM text
openMAINT <3.3-b - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters.
by Hosein Vita
CVSS 6.1
CVE-2021-43458 EXPLOITDB HIGH text
Vembu BDR 4.2.0.1 - Unquoted Service Path
An Unquoted Service Path vulnerability exists in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
by Mohammed Alshehri
CVSS 7.8
EIP-2026-109556 EXPLOITDB text
Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
by Richard Jones
CVE-2021-47726 EXPLOITDB HIGH text
NuCom 11N Wireless Router 5.07.90 - Privilege Escalation
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to retrieve and decode the admin password in Base64 format.
by LiquidWorm
CVSS 7.5
EIP-2026-109727 EXPLOITDB text
MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
by 0xB9
EIP-2026-106180 EXPLOITDB text
CouchCMS 2.2.1 - Persistent Cross-Site Scripting
by xxcdd
CVE-2021-43457 EXPLOITDB HIGH text
bVPN 2.5.1 - Path Traversal
An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path.
by Mohammed Alshehri
CVSS 7.8
CVE-2021-43455 EXPLOITDB HIGH text
FreeLAN 2.2 - Buffer Overflow
An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.
by Mohammed Alshehri
CVSS 7.8
CVE-2021-47883 EXPLOITDB HIGH text
Sandboxie Plus 0.7.2 - Privilege Escalation
Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
by Mohammed Alshehri
CVSS 7.8
CVE-2021-47882 EXPLOITDB HIGH text
FreeLAN 2.2 - RCE
FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
by Mohammed Alshehri
CVSS 7.8
CVE-2021-47887 EXPLOITDB HIGH text
OKI Print Job Accounting 4.4.10 - Local Privilege Escalation
OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
CVE-2021-47886 EXPLOITDB HIGH text
Pingzapper 2.3.1 - Code Injection
Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
CVE-2021-47884 EXPLOITDB HIGH text
OKI Configuration Tool 1.6.53 - Code Injection
OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
EIP-2026-107436 EXPLOITDB text
GLPI 9.5.3 - 'fromtype' Unsafe Reflection
by Vadym Soroka
CVE-2021-28002 EXPLOITDB MEDIUM text
Textpattern CMS 4.9.0 - XSS
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
by Tushar Vaidya
CVSS 5.4
CVE-2021-28001 EXPLOITDB MEDIUM text
Textpattern CMS 4.8.4 - XSS
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.
by Tushar Vaidya
CVSS 5.4
CVE-2021-28295 EXPLOITDB HIGH text
Online Ordering System 1.0 - SQL Injection
Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.
by Suraj Bhosale
CVSS 7.5
CVE-2021-28294 EXPLOITDB CRITICAL text
Online Ordering System 1.0 - RCE
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
by Suraj Bhosale
CVSS 9.8
EIP-2026-113206 EXPLOITDB text
Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)
by Deepak Kumar Bharti