Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

共24443Exploits
日期 标题 类型 平台 作者
2022-05-17

T-Soft E-Commerce 4 – ‘UrunAdi’ Stored Cross-Site Scripting (XSS)
  • webapps
  • multiple
    		• Alperen Ergel
    2022-05-17

    Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS)
  • webapps
  • multiple
    		• Pankaj Kumar Thakur
    2022-05-17

    SDT-CW3B1 1.1.0 – OS Command Injection
  • remote
  • hardware
    		• Ahmed Alroky
    2022-05-12

    TLR-2005KSH – Arbitrary File Delete
  • webapps
  • hardware
    		• Ahmed Alroky
    2022-05-12

    Royal Event Management System 1.0 – ‘todate’ SQL Injection (Authenticated)
  • webapps
  • php
    		• Eren Gozaydin
    2022-05-12

    College Management System 1.0 – ‘course_code’ SQL Injection (Authenticated)
  • webapps
  • php
    		• Eren Gozaydin
    2022-05-12

    F5 BIG-IP 16.0.x – Remote Code Execution (RCE)
  • remote
  • multiple
    		• Yesith Alvarez
    2022-05-11

    WordPress Plugin stafflist 3.1.2 – SQLi (Authenticated)
  • webapps
  • php
    		• Hassan Khan Yusufzai
    2022-05-11

    ExifTool 12.23 – Arbitrary Code Execution
  • local
  • linux
    		• UNICORD
    2022-05-11

    WordPress Plugin Advanced Uploader 4.2 – Arbitrary File Upload (Authenticated)
  • webapps
  • php
    		• Roel van Beurden
    2022-05-11

    Joomla Plugin SexyPolling 2.1.7 – SQLi
  • webapps
  • php
    		• Wolfgang Hotwagner
    2022-05-11

    e107 CMS v3.2.1 – Multiple Vulnerabilities
  • webapps
  • php
    		• Hubert Wojciechowski
    2022-05-11

    USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 – Remote Root Backdoor
  • remote
  • hardware
    		• LiquidWorm
    2022-05-11

    WordPress Plugin Blue Admin 21.06.01 – Cross-Site Request Forgery (CSRF)
  • webapps
  • php
    		• Abisheik M
    2022-05-11

    Cyclos 4.14.7 – ‘groupId’ DOM Based Cross-Site Scripting (XSS)
  • webapps
  • multiple
    		• Tin Pham
    2022-05-11

    WebTareas 2.4 – Blind SQLi (Authenticated)
  • webapps
  • php
    		• Behrad Taher
    2022-05-11

    MyBB 1.8.29 – MyBB 1.8.29 – Remote Code Execution (RCE) (Authenticated)
  • webapps
  • php
    		• Altelus
    2022-05-11

    Cyclos 4.14.7 – DOM Based Cross-Site Scripting (XSS)
  • webapps
  • multiple
    		• Tin Pham
    2022-05-11

    Akka HTTP 10.1.14 – Denial of Service
  • remote
  • multiple
    		• cxosmo
    2022-05-11

    Beehive Forum – Account Takeover
  • webapps
  • php
    		• Pablo Santiago
    2022-05-11

    DLINK DIR850 – Open Redirect
  • remote
  • hardware
    		• Ahmed Alroky
    2022-05-11

    Microfinance Management System 1.0 – ‘customer_number’ SQLi
  • webapps
  • php
    		• Eren Gozaydin
    2022-05-11

    PHProjekt PhpSimplyGest v1.3. – Stored Cross-Site Scripting (XSS)
  • webapps
  • php
    		• Andrea Intilangelo
    2022-05-11

    DLINK DIR850 – Insecure Access Control
  • remote
  • hardware
    		• Ahmed Alroky
    2022-05-11

    ImpressCMS v1.4.4 – Unrestricted File Upload
  • webapps
  • php
    		• Ünsal Furkan Harani
    2022-05-11

    Navigate CMS 2.9.4 – Server-Side Request Forgery (SSRF) (Authenticated)
  • webapps
  • php
    		• cheshireca7
    2022-05-11

    Prime95 Version 30.7 build 9 – Remote Code Execution (RCE)
  • remote
  • windows
    		• Yehia Elghaly
    2022-05-11

    Explore CMS 1.0 – SQL Injection
  • webapps
  • php
    		• Sajibe Kanti
    2022-05-11

    ManageEngine ADSelfService Plus Build 6118 – NTLMv2 Hash Exposure
  • remote
  • windows
    		• Metin Yunus Kandemir
    2022-05-11

    DLINK DAP-1620 A1 v1.01 – Directory Traversal
  • remote
  • hardware
    		• Momen Eldawakhly
    2022-05-11

    Wondershare Dr.Fone 11.4.10 – Insecure File Permissions
  • local
  • windows
    		• AkuCyberSec
    2022-05-11

    PyScript – Read Remote Python Source Code
  • remote
  • Python
    		• Momen Eldawakhly
    2022-05-11

    TCQ – ITeCProteccioAppServer.exe – Unquoted Service Path
  • local
  • windows
    		• Edgar Carrillo Egea
    2022-05-11

    Google Chrome 78.0.3904.70 – Remote Code Execution
  • remote
  • multiple
    		• Forrest Orr
    2022-05-11

    UDisk Monitor Z5 Phone – ‘MonServiceUDisk.exe’ Unquoted Service Path
  • local
  • windows
    		• Edgar Carrillo Egea
    2022-05-11

    Tenda HG6 v3.3.0 – Remote Command Injection
  • remote
  • hardware
    		• LiquidWorm
    2022-05-11

    SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE)
  • remote
  • multiple
    		• West Shepherd
    2022-05-11

    Anuko Time Tracker – SQLi (Authenticated)
  • webapps
  • php
    		• Altelus
    2022-05-11

    CSZ CMS 1.3.0 – ‘Multiple’ Blind SQLi
  • webapps
  • php
    		• Dogukan Dincer
    2022-05-11

    Apache CouchDB 3.2.1 – Remote Code Execution (RCE)
  • remote
  • linux
    		• Konstantin Burov
    2022-05-11

    Bitrix24 – Remote Code Execution (RCE) (Authenticated)
  • webapps
  • php
    		• heinjame
    2022-05-11

    TLR-2005KSH – Arbitrary File Upload
  • webapps
  • hardware
    		• Ahmed Alroky
    2022-05-11

    Wondershare Dr.Fone 12.0.7 – Remote Code Execution (RCE)
  • remote
  • windows
    		• Netanel Cohen
    2022-05-11

    Bookeen Notea – Directory Traversal
  • remote
  • android
    		• Clement MAILLIOUX
    2022-05-11

    Ruijie Reyee Mesh Router – Remote Code Execution (RCE) (Authenticated)
  • remote
  • hardware
    		• Minh Khoa
    2022-05-11

    Wondershare Dr.Fone 12.0.7 – Privilege Escalation (ElevationService)
  • local
  • windows
    		• Netanel Cohen
    2022-05-11

    Magento eCommerce CE v2.3.5-p2 – Blind SQLi
  • webapps
  • php
    		• Aydin Naserifard
    2022-04-26

    GitLab 14.9 – Stored Cross-Site Scripting (XSS)
  • webapps
  • ruby
    		• Greenwolf
    2022-04-26

    Gitlab 14.9 – Authentication Bypass
  • webapps
  • ruby
    		• Greenwolf
    2022-04-19

    REDCap 11.3.9 – Stored Cross Site Scripting
  • webapps
  • php
    		• Kendrick Lam