Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-43463 EXPLOITDB HIGH text
Ext2Fsd v0.68 - Unquoted Service Path
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.
by Mohammed Alshehri
CVSS 7.8
CVE-2021-47862 EXPLOITDB HIGH text
Hi-Rez Studios 5.1.6.3 - Code Injection
Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
by Ekrem Can Kök
CVSS 7.8
CVE-2021-47861 EXPLOITDB HIGH text
Event Log Explorer 4.9.3 - Privilege Escalation
Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be executed with LocalSystem account privileges during service startup.
by Alan Mondragon
CVSS 7.8
CVE-2021-47859 EXPLOITDB HIGH text
ActivIdentity 8.2 - Local Privilege Escalation
ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
EIP-2026-117121 EXPLOITDB text
ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path
by SamAlucard
CVE-2021-27946 EXPLOITDB HIGH text
MyBB < 1.8.26 - SQL Injection via Poll Vote Count
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
by SivertPL
CVSS 8.8
EIP-2026-107644 EXPLOITDB text
Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS
by Jitendra Kumar Tripathi
CVE-2021-47868 EXPLOITDB HIGH text
WIN-PACK PRO 4.8 - Privilege Escalation
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions.
by Alan Mondragon
CVSS 7.8
CVE-2021-47867 EXPLOITDB HIGH text
WIN-PACK PRO4.8 - Privilege Escalation
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup.
by Alan Mondragon
CVSS 7.8
CVE-2021-47866 EXPLOITDB HIGH text
WIN-PACK PRO 4.8 - Privilege Escalation
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code that would execute during service startup.
by Alan Mondragon
CVSS 7.8
CVE-2021-47864 EXPLOITDB HIGH text
OSAS Traverse Extension 11 - Path Traversal
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access.
by Johnny Tech
CVSS 7.8
CVE-2021-47863 EXPLOITDB HIGH text
MacPaw Encrypto 1.0.1 - Code Injection
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.
by Ismael Nava
CVSS 7.8
EIP-2026-117896 EXPLOITDB text
SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path
by Alan Mondragon
EIP-2026-101339 EXPLOITDB text
KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
by LiquidWorm
CVE-2021-46850 EXPLOITDB HIGH text
myVesta Control Panel <0.9.8-26-43 - Command Injection
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
by numan türle
CVSS 7.2
CVE-2021-29002 EXPLOITDB MEDIUM text
Plone CMS 5.2.3 - Stored Cross-Site Scripting via Site Control Panel Site Title Parameter
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
by Piyush Patil
CVSS 5.4
CVE-2021-47869 EXPLOITDB HIGH text
Brother BRAdmin Professional 3.75 - Local Privilege Escalation
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local system privileges.
by Metin Yunus Kandemir
CVSS 7.8
CVE-2021-27969 EXPLOITDB MEDIUM text
Dolphin CMS 7.4.2 - Stored Cross-Site Scripting via Page Builder Width Parameter
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
by Piyush Patil
CVSS 4.8
CVE-2021-28271 EXPLOITDB HIGH text
Soyal Technologies SOYAL 701Server 9.0.1 - Privilege Escalation
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
by LiquidWorm
CVSS 8.8
CVE-2021-28269 EXPLOITDB HIGH text
Soyal Technology 701Client <9.0.1 - Privilege Escalation
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.
by LiquidWorm
CVSS 8.8
EIP-2026-117118 EXPLOITDB text
Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
by Riadh Bouchahoua
EIP-2026-110150 EXPLOITDB text
Online News Portal 1.0 - 'name' SQL Injection
by Richard Jones
EIP-2026-110149 EXPLOITDB text
Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
by Richard Jones
CVE-2019-12962 EXPLOITDB MEDIUM text
LiveZilla < 8.0.1.1 - Cross-Site Scripting via Accept-Language HTTP Header
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
by Clément Cruchet
CVSS 6.1
EIP-2026-102026 EXPLOITDB text
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
by LiquidWorm
By Source
All 31,386 Writeup 62,302 Exploitdb 50,076 Nomisec 22,417 Github 3,632 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,573 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25