Exploitdb Exploits
50,135 exploits tracked across all sources.
Dup Scout 13.5.28 - Code Injection
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
Disk Savvy 13.6.14 - Code Injection
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges.
by Brian Rodriguez
CVSS 7.8
Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
by Ismael Nava
VX Search 13.5.28 - 'Multiple' Unquoted Service Path
by Brian Rodriguez
Unified Office Total Connect Now 1.0 - 'data' SQL Injection
by Ajaikumar Nadar
Zoho ManageEngine ServiceDesk Plus MSP <10519 - Info Disclosure
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
by Ricardo Ruiz
CVSS 5.3
Disk Sorter Server 13.6.12 - Code Injection
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious executables and escalate privileges.
by BRushiran
CVSS 7.8
Disk Sorter Enterprise 13.6.12 - Code Injection
Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inject malicious executables and escalate privileges.
by BRushiran
CVSS 7.8
Cotonti Siena - XSS
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
by Fatih İLGİN
CVSS 5.4
Teachers Record Management System 1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
by nhattruong
CVSS 5.4
Teachers Record Management System <2.1 - SQL Injection
Multiple SQL injection vulnerabilities in Teachers Record Management System 1.0 through 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php or edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
by nhattruong
CVSS 8.8
DiskPulse Enterprise 13.6.14 - Code Injection
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
OpenEMR <5.0.1.4 - Auth Bypass
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
by Ron Jost
CVSS 9.1
SysGauge Server 7.9.18 - Code Injection
SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
Brother BRPrint Auditor 3.0.7 - Code Injection
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
by Brian Rodriguez
CVSS 7.8
Brother BRAgent 1.38 - Code Injection
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.
by Brian Rodriguez
CVSS 7.8
Client Management System 1.1 - 'Search' SQL Injection
by BHAVESH KAUL
Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS)
by BHAVESH KAUL
polkit - Privilege Escalation
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
by J Smith
CVSS 7.8
Spy Emergency 25.0.650 - Privilege Escalation
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code during system startup or service restart.
by Erick Galindo
CVSS 7.8
WibuKey Runtime 6.51 - Code Injection
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
by Brian Rodriguez
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
by Mert Daş
Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
by Riadh Benlamine