Text Exploits

31,341 exploits tracked across all sources.

CVE-2020-36977 EXPLOITDB HIGH text
Wondershare Driver Install Service - Privilege Escalation
Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to the LocalSystem account.
by Luis Sandoval
CVSS 7.8
CVE-2020-29247 EXPLOITDB MEDIUM text
WonderCMS 3.1.3 - XSS
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject an XSS payload in Page keywords; each time a user visits the website, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
by Mayur Parmar
CVSS 4.8
EIP-2026-110377 EXPLOITDB text
osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting
by Emre Aslan
CVE-2020-29470 EXPLOITDB MEDIUM text
OpenCart 3.0.3.6 - XSS
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. An attacker can inject an XSS payload in the Subject field of the mail; each time a user opens that mail on the website, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
CVE-2020-29471 EXPLOITDB MEDIUM text
OpenCart 3.0.3.6 - XSS
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload malicious JavaScript code as a profile image. Whenever anyone views the profile picture, the code executes and the XSS triggers.
by Hemant Patidar
CVSS 4.8
CVE-2020-29475 EXPLOITDB MEDIUM text
nopCommerce Store 4.30 - XSS
nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. An attacker can inject an XSS payload in Schedule tasks; each time a user goes to that page of the website, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
CVE-2020-13951 EXPLOITDB HIGH text
Apache Openmeetings < 5.0.0 - Denial of Service
Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize a denial-of-service attack.
by SunCSR
CVSS 7.5
EIP-2026-101988 EXPLOITDB text
Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)
by maj0rmil4d
EIP-2026-113159 EXPLOITDB text
VTiger v7.0 CRM - 'To' Persistent XSS
by Vulnerability-Lab
CVE-2020-7934 EXPLOITDB MEDIUM text
LifeRay Portal CE <7.2.1 GA2 - XSS
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.
by 3ndG4me
CVSS 5.4
CVE-2020-24363 EXPLOITDB HIGH text
TP-Link TL-WA855RE V5 - Privilege Escalation
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
by malwrforensics
CVSS 8.8
CVE-2020-29233 EXPLOITDB MEDIUM text VERIFIED
WonderCMS 3.1.3 - XSS
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. An attacker can inject an XSS payload in the Page description; each time a user visits the website, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 5.4
CVE-2020-15929 EXPLOITDB CRITICAL text
Ortussolutions Testbox < 4.1.0 - Path Traversal
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
by Darren King
CVSS 9.8
CVE-2020-15928 EXPLOITDB MEDIUM text
Ortussolutions Testbox < 4.1.0 - Path Traversal
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
by Darren King
CVSS 5.3
CVE-2020-28091 EXPLOITDB HIGH text
Cxuucms - SQL Injection
cxuucms v3 has a SQL injection vulnerability in the keywords parameter of search.php, which can lead to the leakage of all database data.
by icekam
CVSS 7.5
CVE-2020-28092 EXPLOITDB MEDIUM text
Pescms Team - XSS
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=
by icekam
CVSS 6.1
EIP-2026-104348 EXPLOITDB text
Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting
by Emre ÖVÜNÇ
EIP-2026-114275 EXPLOITDB text
Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)
by ZwX
CVE-2020-25820 EXPLOITDB MEDIUM text
Bigbluebutton < 2.2.27 - SSRF
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
by RedTeam Pentesting GmbH
CVSS 6.5
CVE-2020-36978 EXPLOITDB MEDIUM text
Froxlor Server Management Panel <0.10.16 - XSS
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-35263 EXPLOITDB CRITICAL text
Egavilanmedia User Registration And L... - SQL Injection
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.
by Kislay Kumar
CVSS 9.8
CVE-2020-29168 EXPLOITDB CRITICAL text
Online Doctor Appointment Booking System Php And Mysql - SQL Injection
A SQL injection vulnerability in Projectworlds Online Doctor Appointment Booking System allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.
by Ramil Mustafayev
CVSS 9.8
CVE-2020-0674 EXPLOITDB HIGH text
Microsoft Internet Explorer - Use After Free
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
by maxpl0it
CVSS 7.5
EIP-2026-117406 EXPLOITDB text
LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path
by Gerardo González
EIP-2026-113609 EXPLOITDB text
WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting
by Vulnerability-Lab