Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

24443 exploits in total
| Date | Title | Type | Platform | Author |
| --- | --- | --- | --- | --- |
| 2018-01-30 | Advantech WebAccess < 8.3 - SQL Injection | webapps | windows | Chris Lyne |
| 2018-01-30 | HPE iMC 7.3 – RMI Java Deserialization | remote | windows | Chris Lyne |
| 2018-01-30 | Hotspot Shield – Information Disclosure | local | windows | SecuriTeam |
| 2018-01-30 | BMC BladeLogic RSCD Agent 8.3.00.64 – Windows Users Disclosure | webapps | windows | Paul Taylor |
| 2018-01-29 | Arq 5.10 – Local Privilege Escalation (2) | local | macos | Mark Wadham |
| 2018-01-29 | Arq 5.10 – Local Privilege Escalation (1) | local | macos | Mark Wadham |
| 2018-01-29 | Oracle WebLogic – wls-wsat Component Deserialization Remote Code Execution (Metasploit) | remote | multiple | Metasploit |
| 2018-01-29 | macOS – ‘sysctl_vfs_generic_conf’ Stack Leak Through Struct Padding | dos | macos | Google Security Research |
| 2018-01-29 | iBall WRA150N – Multiple Vulnerabilities | webapps | hardware | SecuriTeam |
| 2018-01-29 | systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation | local | linux | Michael Orlitzky |
| 2018-01-28 | Hot Scripts Clone – ‘subctid’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-28 | TSiteBuilder 1.0 – SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-28 | Task Rabbit Clone 1.0 – ‘id’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-28 | Joomla! Component Jtag Members Directory 5.3.7 – Arbitrary File Download | webapps | php | Ihsan Sencan |
| 2018-01-28 | Joomla! Component JS Support Ticket 1.1.0 – Cross-Site Request Forgery | webapps | php | Ihsan Sencan |
| 2018-01-28 | Nexpose < 6.4.66 - Cross-Site Request Forgery | webapps | multiple | Shwetabh Vishnoi |
| 2018-01-28 | Gnew 2018.1 – Cross-Site Request Forgery | webapps | php | Cyril Vallicari |
| 2018-01-28 | PACSOne Server 6.6.2 DICOM Web Viewer – SQL Injection | webapps | php | Carlos Avila |
| 2018-01-28 | PACSOne Server 6.6.2 DICOM Web Viewer – Directory Trasversal | webapps | php | Carlos Avila |
| 2018-01-28 | Werkzeug – ‘Debug Shell’ Command Execution | remote | multiple | Ali BawazeEer |
| 2018-01-28 | Artifex MuJS 1.0.2 – Integer Overflow | dos | multiple | Andrea Sindoni |
| 2018-01-28 | KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery | webapps | nodejs | Saurabh Banawar |
| 2018-01-28 | Artifex MuJS 1.0.2 – Denial of Service | dos | multiple | Andrea Sindoni |
| 2018-01-28 | Sony Playstation 3 (PS3) 4.82 – ‘Jailbreak’ (ROP) | local | hardware | PS3Xploit |
| 2018-01-28 | Trend Micro Threat Discovery Appliance 2.6.1062r1 – ‘dlp_policy_upload.cgi’ Remote Code Execution | remote | linux | mr_me |
| 2018-01-28 | Netis WF2419 Router – Cross-Site Request Forgery | webapps | hardware | Sajibe Kanti |
| 2018-01-28 | Buddy Zone 2.9.9 – SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-28 | Multilanguage Real Estate MLM Script 3.0 – ‘srch’ SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-26 | Dodocool DC38 N300 – Cross-site Request Forgery | webapps | hardware | Raffaele Sabato |
| 2018-01-26 | BMC BladeLogic 8.3.00.64 – Remote Command Execution | remote | multiple | Paul Taylor |
| 2018-01-26 | WordPress Plugin Learning Management System – ‘course_id’ SQL Injection | webapps | php | Esecurity.ir |
| 2018-01-25 | ASUS DSL-N14U B1 Router 1.1.2.3_345 – Change Administrator Password | webapps | hardware | Víctor Calvo |
| 2018-01-25 | Exodus Wallet (ElectronJS Framework) – Remote Code Execution | remote | windows | Wflki |
| 2018-01-24 | Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape | local | multiple | SecuriTeam |
| 2018-01-24 | GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit) | remote | multiple | Metasploit |
| 2018-01-24 | Kaltura – Remote PHP Code Execution over Cookie (Metasploit) | remote | php | Metasploit |
| 2018-01-24 | Sync Breeze Enterprise 9.5.16 – ‘Import Command’ Buffer Overflow (Metasploit) | local | windows | Metasploit |
| 2018-01-24 | Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload | webapps | aspx | Paul Taylor |
| 2018-01-24 | Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure | webapps | aspx | Paul Taylor |
| 2018-01-24 | WordPress Plugin Email Subscribers & Newsletters 3.4.7 – Information Disclosure | webapps | php | ThreatPress Security |
| 2018-01-24 | RAVPower 2.000.056 – Root Remote Code Execution | remote | hardware | Daniele Linguaglossa & Stefano Farletti |
| 2018-01-24 | Professional Local Directory Script 1.0 – SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-23 | Blizzard Update Agent – JSON RPC DNS Rebinding | local | windows | Google Security Research |
| 2018-01-23 | Easy Car Script 2014 – SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-23 | RSVP Invitation Online 1.0 – Cross-Site Request Forgery (Update Admin) | webapps | php | Ihsan Sencan |
| 2018-01-23 | Affiligator 2.1.0 – SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-23 | LiveCRM SaaS Cloud 1.0 – SQL Injection | webapps | php | Ihsan Sencan |
| 2018-01-23 | NEC Univerge SV9100/SV8100 WebPro 10.0 – Configuration Download | webapps | multiple | LiquidWorm |
| 2018-01-23 | HP Connected Backup 8.6/8.8.6 – Local Privilege Escalation | local | windows | Peter Lapp |
| 2018-01-23 | RAVPower 2.000.056 – Memory Disclosure | dos | hardware | Daniele Linguaglossa |