Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

共24443Exploits
日期 标题 类型 平台 作者
2017-02-04

Alstrasoft Flippa Clone MarketPlace Script 4.10 – Cross-Site Request Forgery (Add Admin)
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-04

    Alstrasoft Video Share Enterprise 4.72 – SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-04

    Alstrasoft e-Friends 5.12 – SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-04

    Alstrasoft ProTaxi Enterprise 3.5 – Arbitrary File Upload
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-04

    Alstrasoft EPay Enterprise 5.17 – SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-04

    iScripts EasyCreate 3.2 – ‘siteid’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-03

    ntfs-3g (Debian 9) – Local Privilege Escalation
  • local
  • linux
    		• Kristian Erik Hermansen
    2017-02-03

    Posnic Stock Management System – SQL Injection
  • remote
  • php
    		• Manish Tanwar
    2017-02-03

    Zoneminder 1.29/1.30 – Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
  • webapps
  • php
    		• Tim Herres
    2017-02-03

    Itech Multi Vendor Script 6.49 – SQL Injection
  • webapps
  • php
    		• Th3GundY
    2017-02-03

    Netwave IP Camera – Password Disclosure
  • remote
  • hardware
    		• spiritnull
    2017-02-03

    SlimarUSER Management 1.0 – ‘id’ SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-02-03

    CUPS < 2.0.3 - Remote Command Execution
  • remote
  • linux
    		• @0x00string
    2017-02-02

    Google Android – ‘rkp_set_init_page_ro’ RKP Memory Corruption
  • dos
  • android
    		• Google Security Research
    2017-02-02

    Itech Travel Portal Script 9.35 – SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-02

    Itech Movie Portal Script 7.37 – SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-02

    Itech Auction Script 6.49 – ‘pid’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-02

    Itech News Portal Script 6.28 – ‘sc’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-02

    Itech Inventory Management Software 3.77 – SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-02-02

    Property Listing Script – ‘propid’ Blind SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-02-02

    WordPress Core 4.7.0/4.7.1 – Content Injection (Ruby)
  • webapps
  • linux
    		• Harsh Jaiswal
    2017-02-02

    WordPress Core 4.7.0/4.7.1 – Content Injection
  • webapps
  • linux
    		• leonjza
    2017-02-02

    Ghostscript 9.20 – ‘Filename’ Command Execution
  • local
  • windows
    		• hyp3rlinx
    2017-02-01

    Google Chrome – ‘HTMLKeygenElement::shadowSelect()’ Type Confusion
  • dos
  • multiple
    		• Google Security Research
    2017-02-01

    Apple WebKit – ‘HTMLFormElement::reset()’ Use-After Free
  • dos
  • osx
    		• Google Security Research
    2017-02-01

    Google Android – Unprotected MSRs in EL1 RKP Privilege Escalation
  • dos
  • android
    		• Google Security Research
    2017-02-01

    Google Android – ‘cfp_ropp_new_key_reenc’ / ‘cfp_ropp_new_key’ RKP Memory Corruption
  • dos
  • android
    		• Google Security Research
    2017-02-01

    LogoStore – ‘query’ SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-02-01

    Microsoft Windows 10 – SMBv3 Tree Connect (PoC)
  • dos
  • windows
    		• laurent gaffie
    2017-02-01

    QNAP NVR/NAS Devices – Buffer Overflow (PoC)
  • dos
  • hardware
    		• bashis
    2017-02-01

    Google Android – RKP Information Disclosure via s2-remapping Physical Ranges
  • dos
  • android
    		• Google Security Research
    2017-02-01

    Google Android – RKP EL1 Code Loading Bypass
  • local
  • android
    		• Google Security Research
    2017-02-01

    Apple WebKit – Type Confusion in RenderBox with Accessibility Enabled
  • dos
  • multiple
    		• Google Security Research
    2017-02-01

    Apple WebKit – ‘HTMLKeygenElement’ Type Confusion
  • dos
  • multiple
    		• Google Security Research
    2017-01-31

    Billion / TrueOnline / ZyXEL Routers – Multiple Vulnerabilities
  • webapps
  • hardware
    		• Pedro Ribeiro
    2017-01-31

    AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)
  • webapps
  • php
    		• Mehmet Ince
    2017-01-31

    Netman 204 – Backdoor Account / Password Reset
  • webapps
  • hardware
    		• Simon Gurney
    2017-01-31

    Viscosity 1.6.7 – Local Privilege Escalation
  • local
  • windows
    		• Kacper Szurek
    2017-01-30

    PHP Product Designer Script – Arbitrary File Upload
  • webapps
  • php
    		• Ihsan Sencan
    2017-01-30

    Itech Real Estate Script 3.12 – SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-01-30

    Itech News Portal Script 6.28 – ‘inf’ SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-01-30

    Itech Multi Vendor Script 6.49 – ‘pl’ SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-01-30

    Itech Freelancer Script 5.13 – SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-01-30

    Itech Dating Script 3.26 – SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-01-30

    Netgear Routers – Password Disclosure
  • webapps
  • hardware
    		• Trustwave's SpiderLabs
    2017-01-30

    Itech Classifieds Script 7.27 – ‘scat’ SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-01-30

    Itech Video Sharing Script 4.94 – SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-01-30

    Itech B2B Script 4.28 – SQL Injection
  • webapps
  • php
    		• Kaan KAMIS
    2017-01-30

    Itech Real Estate Script 3.12 – ‘id’ SQL Injection
  • webapps
  • php
    		• Ihsan Sencan
    2017-01-30

    Itech Auction Script 6.49 – ‘mcid’ SQL Injection
  • webapps
  • php
    		• Kaan KAMIS