Text Exploits
31,386 exploits tracked across all sources.
Motorola Device Manager 2.5.4 - Code Injection
Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privileges during service startup.
by Angel Canseco
CVSS 7.8
Motorola Device Manager 2.4.5 - Code Injection
Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges during service startup.
by Angel Canseco
CVSS 7.8
Motorola Device Manager 2.4.5 - Code Injection
Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges during service startup.
by Angel Canseco
CVSS 7.8
Flexsense DiskBoss 11.7.28 - Privilege Escalation
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
by Mohammed Alshehri
Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path
by Erika Figueroa
iDeskService 3.0.2.1 - 'iDeskService' Unquoted Service Path
by Leslie Lara
HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path
by Jocelyn Arenas
HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path
by Julio Aviña
Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path
by SamAlucard
DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path
by SamAlucard
Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path
by Carlos Roa
Joplin < 1.3.11 - Stored Cross-Site Scripting via LINK Element in Note
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
by Philip Holbrook
CVSS 6.1
Genexis Platinum 4410 V2-1.28 - Cross-Site Request Forgery
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.
by Jinson Varghese Behanan
CVSS 6.5
iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
by LiquidWorm
CVSS 9.8
iDS6 DSSPro Digital Signage System 6.2 - Privilege Escalation
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.
by LiquidWorm
CVSS 8.8
iDS6 DSSPro Digital Signage System 6.2 - CSRF
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.
by LiquidWorm
CVSS 4.3
PDW File Browser 1.3 - Authenticated Remote Code Execution via Webshell Upload and Rename
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
by David Bimmel
CVSS 6.5
Multi Restaurant Table Reservation System 1.0 - Unauthenticated SQL...
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
by yunaranyancat
CVSS 9.8
Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution
by Mosaaed
Quick 'n Easy FTP Service 3.2 - RCE
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart.
by yunaranyancat
CVSS 7.8
DedeCMS 5.8 - Cross-Site Scripting in Search Feature
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
by Noth
CVSS 5.4
CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting
by Vyshnav nk
By Source