Exploits - Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers - 体验盒子

共24443Exploits

日期	标题	类型	平台	作者
2019-03-13	elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)	remote	php	Metasploit
2019-03-13	Apache Tika-server < 1.18 - Command Injection	remote	windows	Rhino Security Labs
2019-03-13	Core FTP Server FTP / SFTP Server v2 Build 674 – ‘MDTM’ Directory Traversal	dos	windows	Kevin Randall
2019-03-13	Microsoft Windows MSHTML Engine – ‘Edit’ Remote Code Execution	local	windows	Eduardo Braun Prado
2019-03-13	WordPress Plugin GraceMedia Media Player 1.0 – Local File Inclusion	webapps	php	Manuel García Cárdenas
2019-03-13	Core FTP Server FTP / SFTP Server v2 Build 674 – ‘SIZE’ Directory Traversal	dos	windows	Kevin Randall
2019-03-12	PilusCart 1.4.1 – Cross-Site Request Forgery (Add Admin)	webapps	php	Gionathan Reale
2019-03-12	Core FTP 2.0 build 653 – ‘PBSZ’ Denial of Service (PoC)	dos	windows	Hodorsec
2019-03-11	PRTG Network Monitor 18.2.38 – (Authenticated) Remote Code Execution	webapps	windows	M4LV0
2019-03-11	OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)	webapps	jsp	AkkuS
2019-03-11	Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)	webapps	multiple	AkkuS
2019-03-11	Flexpaper PHP Publish Service 2.3.6 – Remote Code Execution	webapps	php	redtimmysec
2019-03-11	Linux Kernel 4.4 (Ubuntu 16.04) – ‘snd_timer_user_ccallback()’ Kernel Pointer Leak	dos	linux	wally0813
2019-03-11	NetSetMan 4.7.1 – Local Buffer Overflow (SEH Unicode)	local	windows	Devin Casadey
2019-03-08	OrientDB 3.0.17 GA Community Edition – Cross-Site Request Forgery / Cross-Site Scripting	webapps	multiple	Ozer Goker
2019-03-08	DirectAdmin 1.55 – ‘CMD_ACCOUNT_ADMIN’ Cross-Site Request Forgery	webapps	php	ManhNho
2019-03-08	Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)	local	hardware	Specter
2019-03-08	McAfee ePO 5.9.1 – Registered Executable Local Access Bypass	webapps	windows	leonjza
2019-03-07	Anyburn 4.3 x86 – ‘Copy disc to image file’ Buffer Overflow (Unicode) (SEH)	local	windows_x86	Hodorsec
2019-03-07	Imperva SecureSphere 13.x – ‘PWS’ Command Injection (Metasploit)	remote	linux	Metasploit
2019-03-07	Kados R10 GreenBee – Multiple SQL Injection	webapps	php	Mehmet EMIROGLU
2019-03-07	FreeBSD – Intel SYSRET Privilege Escalation (Metasploit)	local	freebsd_x86-64	Metasploit
2019-03-07	Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)	remote	php	Metasploit
2019-03-07	QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)	remote	hardware	AkkuS
2019-03-06	Android – binder Use-After-Free via racy Initialization of ->allow_user_free	dos	android	Google Security Research
2019-03-06	Android – getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass	dos	android	Google Security Research
2019-03-06	Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem	dos	linux	Google Security Research
2019-03-05	OpenDocMan 1.3.4 – ‘search.php where’ SQL Injection	webapps	php	Mehmet EMIROGLU
2019-03-04	MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal	webapps	windows	0v3rride
2019-03-04	zzzphp CMS 1.6.1 – Cross-Site Request Forgery	webapps	php	Yang Chenglong
2019-03-04	Craft CMS 3.1.12 Pro – Cross-Site Scripting	webapps	php	Ismail Tasdelen
2019-03-04	WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 – Multiple Bypass Vulnerabilities	webapps	php	ed0x21son
2019-03-04	OOP CMS BLOG 1.0 – Multiple SQL Injection	webapps	php	Mr Winst0n
2019-03-04	Fiberhome AN5506-04-F RP2669 – Persistent Cross-Site Scripting	webapps	hardware	Tauco
2019-03-04	elFinder 2.1.47 – ‘PHP connector’ Command Injection	webapps	php	q3rv0
2019-03-04	Bolt CMS 3.6.4 – Cross-Site Scripting	webapps	php	Ismail Tasdelen
2019-03-04	CMSsite 1.0 – Multiple Cross-Site Request Forgery	webapps	php	Mr Winst0n
2019-03-04	FileZilla 3.40.0 – ‘Local search’ / ‘Local site’ Denial of Service (PoC)	dos	linux	Mr Winst0n
2019-03-04	Microsoft Edge Chakra 1.11.4 – Read Permission via Type Confusion	dos	windows	Fahad Aid Alharbi
2019-03-04	Booked Scheduler 2.7.5 – Remote Command Execution (Metasploit)	webapps	php	AkkuS
2019-03-04	Splunk Enterprise 7.2.4 – Custom App Remote Command Execution (Persistent Backdoor / Custom Binary)	webapps	windows	Matteo Malvica
2019-03-04	Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 – Remote Code Execution	webapps	hardware	JameelNabbo
2019-03-04	OOP CMS BLOG 1.0 – Multiple Cross-Site Request Forgery	webapps	php	Mr Winst0n
2019-03-01	WordPress Core 5.0 – Remote Code Execution	webapps	php	allyshka
2019-03-01	Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost	dos	multiple	Google Security Research
2019-03-01	Google Chrome < M72 - PaymentRequest Service Use-After-Free	dos	multiple	Google Security Research
2019-03-01	macOS XNU – Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image	dos	macos	Google Security Research
2019-03-01	Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free	dos	multiple	Google Security Research
2019-03-01	Google Chrome < M72 - FileWriterImpl Use-After-Free	dos	multiple	Google Security Research
2019-03-01	tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads	dos	multiple	Google Security Research