Text Exploits

31,341 exploits tracked across all sources.

CVE-2020-36976 EXPLOITDB HIGH text
Acer Global Registration Service 1.0.0.3 - Code Injection
Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject malicious executables that would run with elevated LocalSystem privileges during service startup.
by Emmanuel Lujan
CVSS 7.8
CVE-2020-36975 EXPLOITDB HIGH text
EPSON Status Monitor 3 <8.0 - RCE
EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
CVE-2020-36962 EXPLOITDB CRITICAL text
Tendenci 12.3.1 - Code Injection
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.
by Mufaddal Masalawala
CVSS 9.8
CVE-2020-36553 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
CVE-2020-36552 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
CVE-2020-36551 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
CVE-2020-36550 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.
by yunaranyancat
CVSS 5.4
CVE-2020-36154 EXPLOITDB HIGH text
Pearson Vue Testing System - Incorrect Permission Assignment
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
by Jok3r
CVSS 7.8
CVE-2020-35261 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
by yunaranyancat
CVSS 5.4
EIP-2026-112829 EXPLOITDB text
TypeSetter 5.1 - CSRF (Change admin e-mail)
by Alperen Ergel
EIP-2026-112551 EXPLOITDB text
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed
EIP-2026-112294 EXPLOITDB text
Social Networking Site - Authentication Bypass (SQLi)
by gh1mau
EIP-2026-110461 EXPLOITDB text
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Matthew Aberegg
EIP-2026-110175 EXPLOITDB text
Online Shopping Alphaware 1.0 - Error Based SQL injection
by Moaaz Taha
EIP-2026-109390 EXPLOITDB text
Medical Center Portal Management System 1.0 - 'login' SQL Injection
by Aydın Baran Ertemir
CVE-2020-29240 EXPLOITDB MEDIUM text
Lepton-CMS 4.7.0 - XSS
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
by Sagar Banwa
CVSS 4.8
CVE-2020-23972 EXPLOITDB HIGH text
Joomla Component GMapFP <J3.5/J3.5free - Info Disclosure
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files because of unrestricted file upload issues: the upload checks can be bypassed by changing the content-type and renaming the file to use double extensions.
by ThelastVvV
CVSS 7.5
EIP-2026-114361 EXPLOITDB text
Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting
by Ilca Lucian Florin
EIP-2026-114301 EXPLOITDB text
Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)
by SunCSR
EIP-2026-113472 EXPLOITDB text
WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting
by Sun* Cyber Security Research Team
EIP-2026-109582 EXPLOITDB text
Moodle 3.8 - Unrestricted File Upload
by Sirwan Veisi
EIP-2026-107658 EXPLOITDB text
House Rental 1.0 - 'keywords' SQL Injection
by boku
EIP-2026-106841 EXPLOITDB text
ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting
by Vyshnav nk
CVE-2020-24963 EXPLOITDB MEDIUM text
Appsbd Best Support System - XSS
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4.
by Ex.Mi
CVSS 5.4
EIP-2026-103812 EXPLOITDB text
SAP Lumira 1.31 - Stored Cross-Site Scripting
by Ilca Lucian Florin