Text Exploits
31,386 exploits tracked across all sources.
Car Rental Management System 1.0 - Remote Code Execution (Authenticated)
by Mehmet Kelepçe
SAntivirus IC <10.0.21.61 - Code Injection
SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling privilege escalation to system-level permissions.
by Mara Ramirez
CVSS 7.8
IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path
by Isabel Lopez
DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path
by Teresa Q
Journal theme < 3.1.0 - Sensitive Data Exposure via SQL Error Messages
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
by Jinson Varghese Behanan
CVSS 7.5
touchbase.ai < 2.0 - Cross-Site Scripting
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads, which could result in defacement, redirection of users to a malicious webpage or website, etc. The issue is patched in version 2.0.
by Simran Sankhala
CVSS 8.0
SourceCodester Water Billing System 1.0 - SQL Injection via Username and Password Parameters
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
by Sarang Tumne
CVSS 9.8
WordPress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection
by Abdulazeez Alaseeri
Customer Support System 1.0 - Cross-Site Request Forgery
by Ahmed Abbas
Customer Support System 1.0 - 'username' Authentication Bypass
by Ahmed Abbas
Customer Support System 1.0 - 'description' Stored XSS in The Admin Panel
by Ahmed Abbas
CMSUno 1.6.2 - 'user' Remote Code Execution (Authenticated)
by Fatih Çelik
Mitel ShoreTel 19.46.1802.0 - Unauthenticated Reflected Cross-Site Scripting via PATH_INFO to index.php
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
by Joe Helle
CVSS 6.1
Anuko Time Tracker <1.19.23.5325 - Info Disclosure
In Anuko Time Tracker before version 1.19.23.5325, because user input is not properly filtered, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.
by Mufaddal Masalawala
CVSS 8.7
Winstep 18.06.0096 Unquoted Service Path Privilege Escalation
Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts.
by SamAlucard
CVSS 7.8
Realtek Audio Service 1.0.0.55 Unquoted Service Path Privilege Escalation
Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
by Erika Figueroa
CVSS 7.8
RealTimes Desktop Service 18.1.4 Unquoted Service Path Privilege Escalation
RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
by Erick Galindo
CVSS 7.8
Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation
Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
by Mohammed Alshehri
CVSS 7.8
Syncplify.me Server! 5.0.37 Unquoted Service Path Privilege Escalation
Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSystem privileges when the service restarts or the system reboots.
by Julio Aviña
CVSS 7.8
OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation
OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.
by Julio Aviña
CVSS 7.8
Microvirt MEMU Play 3.7.0 - Code Injection
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privileges.
by SamAlucard
CVSS 7.8
Magic Mouse 2 Utilities <2.20 - Privilege Escalation
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path.
by SamAlucard
CVSS 7.8
KMSpico 17.1.0.0 - Unquoted Service Path Privilege Escalation via Service KMSELDI Configuration
KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
Deep Instinct Windows Agent 1.2.24.0 - Privilege Escalation
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
by Paulina Girón
CVSS 7.8
HTC IPTInstaller 4.0.9 - Code Injection
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.
by SamAlucard
CVSS 7.8