Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

24443 exploits in total
| Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2018-10-24 | Apache OFBiz 16.11.04 – XML External Entity Injection | webapps | java | Jamie Parfet |
| 2018-10-23 | SIM-PKH 2.4.1 – ‘id’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-23 | School ERP Pro+Responsive 1.0 – ‘fid’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-23 | MGB OpenSource Guestbook 0.7.0.2 – ‘id’ SQL Injection | webapps | windows | Ihsan Sencan |
| 2018-10-23 | School ERP Pro+Responsive 1.0 – Arbitrary File Download | webapps | php | Ihsan Sencan |
| 2018-10-23 | ServersCheck Monitoring Software 14.3.3 – ‘id’ SQL Injection | webapps | windows | hyp3rlinx |
| 2018-10-23 | ServersCheck Monitoring Software 14.3.3 – Arbitrary File Write | remote | windows | hyp3rlinx |
| 2018-10-23 | SIM-PKH 2.4.1 – Arbitrary File Upload | webapps | php | Ihsan Sencan |
| 2018-10-23 | Microsoft Data Sharing – Local Privilege Escalation (PoC) | local | windows | SandboxEscaper |
| 2018-10-23 | Appsource School Management System 1.0 – ‘student_id’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-22 | School ERP Ultimate 2018 – Arbitrary File Download | webapps | php | Ihsan Sencan |
| 2018-10-22 | Apple iOS – Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value | dos | ios | Google Security Research |
| 2018-10-22 | Audacity 2.3 – Denial of Service (PoC) | dos | windows | Kağan Çapar |
| 2018-10-22 | Oracle Siebel CRM 8.1.1 – CSV Injection | webapps | java | Sarath Nair |
| 2018-10-22 | School ERP Ultimate 2018 – ‘fid’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-22 | The Open ISES Project 3.30A – ‘tick_lat’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-22 | Microsoft Windows 10 – Local Privilege Escalation (UAC Bypass) | local | windows | Fabien DROMAS |
| 2018-10-22 | Viva Visitor & Volunteer ID Tracking 0.95.1 – ‘fname’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-22 | Apple iOS Kernel – Use-After-Free due to bad Error Handling in Personas | dos | ios | Google Security Research |
| 2018-10-22 | MySQL Edit Table 1.0 – ‘id’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-22 | The Open ISES Project 3.30A – Arbitrary File Download | webapps | php | Ihsan Sencan |
| 2018-10-22 | eNdonesia Portal 8.7 – ‘artid’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-22 | Apple iOS/macOS – Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem | dos | multiple | Google Security Research |
| 2018-10-22 | Microsoft Windows – SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit) | local | windows | Metasploit |
| 2018-10-22 | Apple iOS/macOS – Sandbox Escape due to mach Message sent from Shared Memory | dos | multiple | Google Security Research |
| 2018-10-22 | Apple Intel GPU Driver – Use-After-Free/Double-Delete due to bad Locking | dos | macos | Google Security Research |
| 2018-10-22 | Keybase keybase-redirector – ‘$PATH’ Local Privilege Escalation | local | linux | mirchr |
| 2018-10-22 | Modbus Poll 7.2.2 – Denial of Service (PoC) | dos | windows_x86 | Cemal Cihad ÇİFTÇİ |
| 2018-10-22 | Apple iOS/macOS – Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport | dos | multiple | Google Security Research |
| 2018-10-20 | LibSSH 0.7.6 / 0.8.4 – Unauthorized Access | remote | linux | jas502n |
| 2018-10-18 | Learning with Texts 1.6.2 – ‘start’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-18 | libSSH – Authentication Bypass | remote | linux | Dayanç Soyadlı |
| 2018-10-18 | OwnTicket 1.0 – ‘TicketID’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-18 | PHP-SHOP master 1.0 – Cross-Site Request Forgery (Add Admin) | webapps | php | Alireza Norkazemi |
| 2018-10-17 | Time and Expense Management System 3.0 – ‘table’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-17 | TP-Link TL-SC3130 1.6.18 – RTSP Stream Disclosure | webapps | hardware | LiquidWorm |
| 2018-10-17 | FLIR AX8 Thermal Camera 1.32.16 – Hard-Coded Credentials | remote | hardware | LiquidWorm |
| 2018-10-17 | Time and Expense Management System 3.0 – Cross-Site Request Forgery (Add Admin) | webapps | php | Ihsan Sencan |
| 2018-10-17 | Any Sound Recorder 2.93 – Buffer Overflow (SEH) | local | windows_x86 | Abdullah Alıç |
| 2018-10-17 | BigTree CMS 4.2.23 – Cross-Site Scripting | webapps | php | Ismail Tasdelen |
| 2018-10-16 | WordPress Plugin Support Board 1.2.3 – Cross-Site Scripting | webapps | php | Ismail Tasdelen |
| 2018-10-16 | Vishesh Auto Index 3.1 – ‘fid’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-16 | Kados R10 GreenBee – ‘release_id’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-16 | Library CMS 2.1.1 – Cross-Site Scripting | webapps | php | Ismail Tasdelen |
| 2018-10-16 | VLC Media Player – MKV Use-After-Free (Metasploit) | local | windows | Metasploit |
| 2018-10-16 | Navigate CMS 2.8.5 – Arbitrary File Download | webapps | php | Ihsan Sencan |
| 2018-10-16 | HotelDruid 2.2.4 – ‘anno’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-16 | Rukovoditel Project Management CRM 2.3 – ‘path’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-16 | GIU Gallery Image Upload 0.3.1 – ‘category’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-10-16 | Heatmiser Wifi Thermostat 1.7 – Credential Disclosure | webapps | hardware | d0wnp0ur |