Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

共24443Exploits
日期 标题 类型 平台 作者
2018-11-13

ABC ERP 0.6.4 – Cross-Site Request Forgery (Update Admin)
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-13

    Surreal ToDo 0.6.1.2 – SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-13

    Easyndexer 1.0 – Arbitrary File Download
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-13

    XAMPP Control Panel 3.2.2 – Buffer Overflow (SEH) (Unicode)
  • local
  • windows
    		• Semen Alexandrovich Lyhin
    2018-11-12

    CuteFTP 9.3.0.3 – Denial of Service (PoC)
  • dos
  • windows_x86-64
    		• Ismael Nava
    2018-11-12

    Facturation System 1.0 – ‘modid’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-12

    ServerZilla 1.0 – ’email’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-12

    GPS Tracking System 2.12 – ‘username’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-12

    Easyndexer 1.0 – Cross-Site Request Forgery (Add Admin)
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-12

    Mongoose Web Server 6.9 – Denial of Service (PoC)
  • dos
  • windows_x86-64
    		• Ihsan Sencan
    2018-11-12

    D-LINK Central WifiManager CWM-100 – Server-Side Request Forgery
  • webapps
  • hardware
    		• hyp3rlinx
    2018-11-12

    Nominas 0.27 – ‘username’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-12

    TufinOS 2.17 Build 1193 – XML External Entity Injection
  • webapps
  • linux
    		• Konstantinos Alexiou
    2018-11-12

    HeidiSQL 9.5.0.5196 – Denial of Service (PoC)
  • dos
  • windows
    		• Victor Mondragón
    2018-11-12

    The Don 1.0.1 – ‘login’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-12

    Data Center Audit 2.6.2 – ‘username’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-12

    TP-Link Archer C50 Wireless Router 171227 – Cross-Site Request Forgery (Configuration File Disclosure)
  • webapps
  • hardware
    		• Wadeek
    2018-11-12

    Paroiciel 11.20 – ‘tRecIdListe’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-12

    WordPress Plugin Media File Manager 1.4.2 – Directory Traversal / Cross-Site Scripting
  • webapps
  • php
    		• Pasquale Turi
    2018-11-08

    Microsoft Windows 10 (Build 17134) – Local Privilege Escalation (UAC Bypass)
  • local
  • windows
    		• Tenable NS
    2018-11-07

    PlayJoom 0.10.1 – ‘catid’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-07

    OpenSLP 2.0.0 – Multiple Vulnerabilities
  • local
  • linux
    		• Magnus Klaaborg Stubman
    2018-11-06

    Morris Worm – sendmail Debug Mode Shell Escape (Metasploit)
  • remote
  • unix
    		• Metasploit
    2018-11-06

    OOP CMS BLOG 1.0 – Cross-Site Request Forgery (Add Admin)
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-06

    Blue Server 1.1 – Denial of Service (PoC)
  • dos
  • windows_x86-64
    		• Ihsan Sencan
    2018-11-06

    OOP CMS BLOG 1.0 – ‘search’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-06

    CMS Made Simple 2.2.7 – (Authenticated) Remote Code Execution
  • webapps
  • php
    		• Lucian Ioan Nitescu
    2018-11-06

    VSAXESS V2.6.2.70 build20171226_053 – ‘organization’ Denial of Service (PoC)
  • dos
  • windows
    		• Diego Santamaria
    2018-11-06

    FaceTime – RTP Video Processing Heap Corruption
  • dos
  • ios
    		• Google Security Research
    2018-11-06

    blueimp’s jQuery 9.22.0 – (Arbitrary) File Upload (Metasploit)
  • remote
  • php
    		• Metasploit
    2018-11-06

    LibreHealth 2.0.0 – (Authenticated) Arbitrary File Actions
  • webapps
  • php
    		• Carlos Avila
    2018-11-06

    Grocery crud 1.6.1 – ‘search_field’ SQL Injection
  • webapps
  • php
    		• Loading Kura Kura
    2018-11-06

    OpenBiz Cubi Lite 3.0.8 – ‘username’ SQL Injection
  • webapps
  • php
    		• AkkuS
    2018-11-06

    Arm Whois 3.11 – Buffer Overflow (SEH)
  • local
  • windows_x86
    		• Semen Alexandrovich Lyhin
    2018-11-06

    Morris Worm – fingerd Stack Buffer Overflow (Metasploit)
  • remote
  • bsd
    		• Metasploit
    2018-11-06

    libiec61850 1.3 – Stack Based Buffer Overflow
  • local
  • linux
    		• Dhiraj Mishra
    2018-11-06

    FaceTime – ‘VCPDecompressionDecodeFrame’ Memory Corruption
  • dos
  • macos
    		• Google Security Research
    2018-11-06

    eToolz 3.4.8.0 – Denial of Service (PoC)
  • dos
  • windows_x86-64
    		• Ihsan Sencan
    2018-11-06

    FaceTime – ‘readSPSandGetDecoderParams’ Stack Corruption
  • dos
  • macos
    		• Google Security Research
    2018-11-05

    Voovi Social Networking Script 1.0 – ‘user’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-05

    Advantech WebAccess SCADA 8.3.2 – Remote Code Execution
  • webapps
  • asp
    		• Chris Lyne
    2018-11-05

    PHP Proxy 3.0.3 – Local File Inclusion
  • webapps
  • php
    		• AkkuS
    2018-11-05

    Royal TS/X – Information Disclosure
  • webapps
  • json
    		• Jakub Palaczynski
    2018-11-05

    Microsoft Internet Explorer 11 – Null Pointer Dereference
  • local
  • windows
    		• LiquidWorm
    2018-11-05

    Softros LAN Messenger 9.2 – Denial of Service (PoC)
  • dos
  • windows_x86-64
    		• Victor Mondragón
    2018-11-05

    Poppy Web Interface Generator 0.8 – Arbitrary File Upload
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-05

    Virgin Media Hub 3.0 Router – Denial of Service (PoC)
  • dos
  • hardware
    		• Ross Inman
    2018-11-05

    WebVet 0.1a – ‘id’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-05

    Mongo Web Admin 6.0 – Information Disclosure
  • webapps
  • php
    		• Ihsan Sencan
    2018-11-05

    SiAdmin 1.1 – ‘id’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan