Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-37251 EXPLOITDB HIGH text
RealTimes Desktop Service 18.1.4 Unquoted Service Path Privilege Escalation
RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
by Erick Galindo
CVSS 7.8
CVE-2020-37231 EXPLOITDB HIGH text
Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation
Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
by Mohammed Alshehri
CVSS 7.8
CVE-2020-37230 EXPLOITDB HIGH text
Syncplify.me Server! 5.0.37 Unquoted Service Path Privilege Escalation
Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSystem privileges when the service restarts or the system reboots.
by Julio Aviña
CVSS 7.8
CVE-2020-37229 EXPLOITDB HIGH text
OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation
OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.
by Julio Aviña
CVSS 7.8
CVE-2020-36937 EXPLOITDB HIGH text
Microvirt MEMU Play 3.7.0 - Code Injection
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privileges.
by SamAlucard
CVSS 7.8
CVE-2020-36936 EXPLOITDB HIGH text
Magic Mouse 2 Utilities <2.20 - Privilege Escalation
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path.
by SamAlucard
CVSS 7.8
CVE-2020-36935 EXPLOITDB HIGH text
KMSpico 17.1.0.0 - Unquoted Service Path Privilege Escalation via Service KMSELDI Configuration
KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
CVE-2020-36934 EXPLOITDB HIGH text
Deep Instinct Windows Agent 1.2.24.0 - Privilege Escalation
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
by Paulina Girón
CVSS 7.8
CVE-2020-36933 EXPLOITDB HIGH text
HTC IPTInstaller 4.0.9 - Code Injection
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.
by SamAlucard
CVSS 7.8
CVE-2020-36982 EXPLOITDB HIGH text
Motorola Device Manager 2.5.4 - Code Injection
Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privileges during service startup.
by Angel Canseco
CVSS 7.8
CVE-2020-36981 EXPLOITDB HIGH text
Motorola Device Manager 2.4.5 - Code Injection
Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges during service startup.
by Angel Canseco
CVSS 7.8
CVE-2020-36981 EXPLOITDB HIGH text
Motorola Device Manager 2.4.5 - Code Injection
Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges during service startup.
by Angel Canseco
CVSS 7.8
CVE-2020-36879 EXPLOITDB HIGH text
Flexsense DiskBoss 11.7.28 - Privilege Escalation
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
by Mohammed Alshehri
EIP-2026-117838 EXPLOITDB text
Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path
by Erika Figueroa
EIP-2026-117310 EXPLOITDB text
iDeskService 3.0.2.1 - 'iDeskService' Unquoted Service Path
by Leslie Lara
EIP-2026-117284 EXPLOITDB text
HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path
by Jocelyn Arenas
EIP-2026-117280 EXPLOITDB text
HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path
by Julio Aviña
EIP-2026-117231 EXPLOITDB text
Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path
by SamAlucard
EIP-2026-117043 EXPLOITDB text
DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path
by SamAlucard
EIP-2026-116938 EXPLOITDB text
Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path
by Carlos Roa
CVE-2020-28328 EXPLOITDB HIGH python
SuiteCRM < 7.11.17 - Remote Code Execution via Log File Name Setting
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
by M. Cory Billington
CVSS 8.8
CVE-2020-28249 EXPLOITDB MEDIUM text
Joplin < 1.3.11 - Stored Cross-Site Scripting via LINK Element in Note
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
by Philip Holbrook
CVSS 6.1
CVE-2020-25015 EXPLOITDB MEDIUM text
Genexis Platinum 4410 V2-1.28 - Cross-Site Request Forgery
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.
by Jinson Varghese Behanan
CVSS 6.5
CVE-2020-36972 EXPLOITDB HIGH python
SmartBlog 2.0.1 - Blind SQL Injection via id_post Parameter
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information.
by C0wnuts
CVSS 8.2
EIP-2026-111985 EXPLOITDB python
Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)
by Fatih Çelik