Exploitdb Exploits

50,193 exploits tracked across all sources.

CVE-2020-36934 EXPLOITDB HIGH text
Deep Instinct Windows Agent 1.2.24.0 - Privilege Escalation
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
by Paulina Girón
CVSS 7.8
CVE-2020-36933 EXPLOITDB HIGH text
HTC IPTInstaller 4.0.9 - Code Injection
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.
by SamAlucard
CVSS 7.8
CVE-2020-36982 EXPLOITDB HIGH text
Motorola Device Manager 2.5.4 - Code Injection
Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privileges during service startup.
by Angel Canseco
CVSS 7.8
CVE-2020-36981 EXPLOITDB HIGH text
Motorola Device Manager 2.4.5 - Code Injection
Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges during service startup.
by Angel Canseco
CVSS 7.8
CVE-2020-36879 EXPLOITDB HIGH text
Flexsense DiskBoss 11.7.28 - Privilege Escalation
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
by Mohammed Alshehri
EIP-2026-118136 EXPLOITDB text
Winstep 18.06.0096 - 'Xtreme Service' Unquoted Service Path
by SamAlucard
EIP-2026-117984 EXPLOITDB text
Syncplify.me Server! 5.0.37 - 'SMWebRestServicev5' Unquoted Service Path
by Julio Aviña
EIP-2026-117849 EXPLOITDB text
RealTimes Desktop Service 18.1.4 - 'rpdsvc.exe' Unquoted Service Path
by Erick Galindo
EIP-2026-117842 EXPLOITDB text
Realtek Audio Service 1.0.0.55 - 'RtkAudioService64.exe' Unquoted Service Path
by Erika Figueroa
EIP-2026-117838 EXPLOITDB text
Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path
by Erika Figueroa
EIP-2026-117795 EXPLOITDB text
Privacy Drive v3.17.0 - 'pdsvc.exe' Unquoted Service Path
by Mohammed Alshehri
EIP-2026-117717 EXPLOITDB text
OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path
by Julio Aviña
EIP-2026-117310 EXPLOITDB text
iDeskService 3.0.2.1 - 'iDeskService' Unquoted Service Path
by Leslie Lara
EIP-2026-117284 EXPLOITDB text
HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path
by Jocelyn Arenas
EIP-2026-117280 EXPLOITDB text
HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path
by Julio Aviña
EIP-2026-117231 EXPLOITDB text
Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path
by SamAlucard
EIP-2026-117043 EXPLOITDB text
DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path
by SamAlucard
EIP-2026-116938 EXPLOITDB text
Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path
by Carlos Roa
CVE-2020-28328 EXPLOITDB HIGH python
Salesagility Suitecrm < 7.11.17 - Unrestricted File Upload
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
by M. Cory Billington
CVSS 8.8
CVE-2020-28249 EXPLOITDB MEDIUM text
Joplin < 1.3.11 - XSS
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
by Philip Holbrook
CVSS 6.1
CVE-2020-25015 EXPLOITDB MEDIUM text
Genexis Platinum 4410 Firmware - CSRF
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices, was found to be vulnerable to Broken Access Control and CSRF, which could be combined to remotely change the Wi-Fi access point’s password.
by Jinson Varghese Behanan
CVSS 6.5
CVE-2020-36972 EXPLOITDB HIGH python
SmartBlog 2.0.1 - SQL Injection
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare database information character by character.
by C0wnuts
CVSS 8.2
EIP-2026-111985 EXPLOITDB python
Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)
by Fatih Çelik
EIP-2026-111982 EXPLOITDB python
Sentrifugo 3.2 - 'assets' Remote Code Execution (Authenticated)
by Fatih Çelik