Exploits - Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers - 体验盒子

共24443Exploits

日期	标题	类型	平台	作者
2017-12-23	Iopsys Router – ‘dhcp’ Remote Code Execution	remote	hardware	neonsea
2017-12-22	Vitek – Remote Command Execution / Information Disclosure (PoC)	remote	multiple	bashis
2017-12-20	Microsoft Windows Kernel – ‘NtQueryVirtualMemory(MemoryMappedFilenameInformation)’ Double-Write Ring-0 Address Leak	dos	windows	Google Security Research
2017-12-20	BEIMS ContractorWeb 5.18.0.0 – SQL Injection	webapps	windows	Rajwinder Singh
2017-12-20	Ability Mail Server 3.3.2 – Cross-Site Scripting	webapps	multiple	Aloyce J. Makalanga
2017-12-20	Conarc iChannel – Improper Access Restrictions	webapps	multiple	Information Paradox
2017-12-20	Samsung Internet Browser – SOP Bypass (Metasploit)	remote	android	Dhiraj Mishra
2017-12-19	Microsoft Windows – ‘jscript!RegExpComp::Compile’ Heap Overflow Through IE or Local Network via WPAD	dos	windows	Google Security Research
2017-12-19	Ichano AtHome IP Cameras – Multiple Vulnerabilities	remote	hardware	SecuriTeam
2017-12-19	Microsoft Internet Explorer 11 – ‘jscript!JSONStringifyObject’ Use-After-Free	dos	windows	Google Security Research
2017-12-19	Microsoft Windows – ‘jscript!NameTbl::GetValDef’ Use-After-Free	dos	windows	Google Security Research
2017-12-19	Joomla! Component NextGen Editor 2.1.0 – ‘plname’ SQL Injection	webapps	php	Ihsan Sencan
2017-12-19	BrightSign Digital Signage – Multiple Vulnerablities	webapps	hardware	Information Paradox
2017-12-19	Jenkins – XStream Groovy classpath Deserialization (Metasploit)	remote	multiple	Metasploit
2017-12-19	Tuleap 9.6 – Second-Order PHP Object Injection (Metasploit)	remote	php	Metasploit
2017-12-19	Intel Content Protection HECI Service – Type Confusion Privilege Escalation	dos	windows	Google Security Research
2017-12-19	Trend Micro Smart Protection Server – Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control	remote	multiple	CoreLabs
2017-12-19	Microsoft Windows – ‘jscript!RegExpFncObj::LastParen’ Out-of-Bounds Read	dos	windows	Google Security Research
2017-12-19	Microsoft Windows – ‘jscript!JsArraySlice’ Uninitialized Variable	dos	windows	Google Security Research
2017-12-19	Microsoft Windows – jscript.dll ‘Array.sort’ Heap Overflow	dos	windows	Google Security Research
2017-12-18	Outlook for Android – Attachment Download Directory Traversal	remote	android	Google Security Research
2017-12-18	CDex 1.96 – Buffer Overflow (PoC)	dos	windows	bzyo
2017-12-18	Joomla! Component Guru Pro – ‘promocode’ SQL Injection	webapps	php	Ihsan Sencan
2017-12-18	Joomla! Component JB Visa 1.0 – ‘visatype’ SQL Injection	webapps	php	Ihsan Sencan
2017-12-18	Cells Blog 3.5 – ‘bgid’ / ‘fmid’ / ‘fnid’ SQL Injection	webapps	php	Ihsan Sencan
2017-12-18	Monstra CMS 3.0.4 – (Authenticated) Arbitrary File Upload / Remote Code Execution	webapps	php	Ishaq Mohammed
2017-12-18	Ciuis CRM 1.0.7 – SQL Injection	webapps	php	Zahid Abbasi
2017-12-18	GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution	remote	linux	Daniel Hodson
2017-12-18	Joomla! Component My Projects 2.0 – SQL Injection	webapps	php	Ihsan Sencan
2017-12-18	Joomla! Component User Bench 1.0 – ‘userid’ SQL Injection	webapps	php	Ihsan Sencan
2017-12-18	Western Digital MyCloud – ‘multi_uploadify’ File Upload (Metasploit)	remote	php	Metasploit
2017-12-18	Zoom Linux Client 2.0.106600.0904 – Stack-Based Buffer Overflow (PoC)	dos	linux	Conviso
2017-12-18	Zoom Linux Client 2.0.106600.0904 – Command Injection	dos	linux	Conviso
2017-12-15	Movie Guide 2.0 – SQL Injection	webapps	php	Ihsan Sencan
2017-12-15	Linux kernel < 4.10.15 - Race Condition Privilege Escalation	local	linux	anonymous
2017-12-15	Sync Breeze 10.2.12 – Denial of Service	dos	windows	Manuel García Cárdenas
2017-12-15	ITGuard-Manager 0.0.0.1 – Remote Code Execution	webapps	cgi	Nassim Asrir
2017-12-14	Piwigo 2.9.1 – ‘cat_true’ / ‘cat_false’ SQL Injection	webapps	php	Akityo
2017-12-14	Bus Booking Script 1.0 – ‘txtname’ SQL Injection	webapps	php	Ihsan Sencan
2017-12-14	Paid To Read Script 2.0.5 – ‘uid’ / ‘fnum’ / ‘fn’ SQL Injection	webapps	php	Ihsan Sencan
2017-12-14	Readymade Video Sharing Script 3.2 – HTML Injection	webapps	php	Ihsan Sencan
2017-12-14	FS Lynda Clone 1.0 – SQL Injection	webapps	php	Ihsan Sencan
2017-12-14	Linksys WVBR0 – ‘User-Agent’ Remote Command Injection	webapps	hardware	nixawk
2017-12-14	Multiple OEM – ‘nsd’ Remote Stack Format String (PoC)	dos	multiple	bashis
2017-12-14	Palo Alto Networks Firewalls – Root Remote Code Execution	remote	hardware	Philip Pettersson
2017-12-14	pfSense 2.4.1 – Cross-Site Request Forgery Error Page Clickjacking (Metasploit)	remote	php	Metasploit
2017-12-14	Advantech WebAccess 8.2-2017.03.31 – Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)	webapps	windows	Metasploit
2017-12-14	Dup Scout Enterprise – ‘Login’ Buffer Overflow (Metasploit)	remote	windows	Metasploit
2017-12-14	Microsoft Office – Dynamic Data Exchange ‘DDE’ Payload Delivery (Metasploit)	remote	windows	Metasploit
2017-12-13	Meinberg LANTIME Web Configuration Utility 6.16.008 – Arbitrary File Read	webapps	cgi	Jakub Palaczynski