Exploits - Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers - 体验盒子

共24443Exploits

日期	标题	类型	平台	作者
2021-12-03	Online Magazine Management System 1.0 – SQLi Authentication Bypass	webapps	php	Mohamed habib Smidi
2021-12-03	Online Pre-owned/Used Car Showroom Management System 1.0 – SQLi Authentication Bypass	webapps	php	Mohamed habib Smidi
2021-12-03	WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated)	webapps	php	Uriel Yochpaz
2021-12-01	MilleGPG5 5.7.2 Luglio 2021 – Local Privilege Escalation	local	windows	Alessandro Salzano
2021-12-01	Online Enrollment Management System in PHP and PayPal 1.0 – ‘U_NAME’ Stored Cross-Site Scripting	webapps	php	Tushar Jadhav
2021-11-30	Laundry Booking Management System 1.0 – Remote Code Execution (RCE)	webapps	php	Pablo Santiago
2021-11-29	opencart 3.0.3.8 – Sessjion Injection	webapps	php	Hubert Wojciechowski
2021-11-29	orangescrum 1.8.0 – ‘Multiple’ Cross-Site Scripting (XSS) (Authenticated)	webapps	multiple	Hubert Wojciechowski
2021-11-29	orangescrum 1.8.0 – ‘Multiple’ SQL Injection (Authenticated)	webapps	multiple	Hubert Wojciechowski
2021-11-29	orangescrum 1.8.0 – Privilege escalation (Authenticated)	webapps	multiple	Hubert Wojciechowski
2021-11-26	Bagisto 1.3.3 – Client-Side Template Injection	webapps	multiple	Mohamed Abdellatif Jaber
2021-11-24	CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)	webapps	php	S1lv3r
2021-11-24	HTTPDebuggerPro 9.11 – Unquoted Service Path	local	windows	Aryan Chehreghani
2021-11-23	Webrun 3.6.0.42 – ‘P_0’ SQL Injection	webapps	multiple	Vinicius Alves
2021-11-23	Linux Kernel 5.1.x – ‘PTRACE_TRACEME’ pkexec Local Privilege Escalation (2)	local	linux	Ujas Dhami
2021-11-23	WordPress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure	webapps	php	Keyvan Hardani
2021-11-23	GNU gdbserver 9.2 – Remote Command Execution (RCE)	remote	linux	Roberto Gesteira Miñarro
2021-11-23	FLEX 1085 Web 1.6.0 – HTML Injection	webapps	multiple	Mr Empy
2021-11-23	Bus Pass Management System 1.0 – ‘Search’ SQL injection	webapps	php	Abhijeet Singh
2021-11-22	Aimeos Laravel ecommerce platform 2021.10 LTS – ‘sort’ SQL injection	webapps	php	Ilker Burak ADIYAMAN
2021-11-22	Modbus Slave 7.3.1 – Buffer Overflow (DoS)	dos	windows	Yehia Elghaly
2021-11-22	Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC)	dos	windows	Yehia Elghaly
2021-11-17	WordPress Plugin Smart Product Review 1.0.4 – Arbitrary File Upload	webapps	php	Keyvan Hardani
2021-11-17	GitLab 13.10.2 – Remote Code Execution (RCE) (Unauthenticated)	webapps	ruby	Jacob Baines
2021-11-17	SuiteCRM 7.11.18 – Remote Code Execution (RCE) (Authenticated) (Metasploit)	webapps	php	M. Cory Billington
2021-11-17	Quick.CMS 6.7 – Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)	webapps	php	Rahad Chowdhury
2021-11-17	Bludit 3.13.1 – ‘username’ Cross Site Scripting (XSS)	webapps	php	Vasu
2021-11-16	CMDBuild 3.3.2 – ‘Multiple’ Cross Site Scripting (XSS)	webapps	multiple	Hosein Vita
2021-11-16	Online Learning System 2.0 – Remote Code Execution (RCE)	webapps	php	djebbaranon
2021-11-15	Fuel CMS 1.4.13 – ‘col’ Blind SQL Injection (Authenticated)	webapps	php	Rahad Chowdhury
2021-11-15	Simple Subscription Website 1.0 – SQLi Authentication Bypass	webapps	php	Daniel Haro
2021-11-15	KONGA 0.14.9 – Privilege Escalation	webapps	multiple	Fabricio Salomao
2021-11-15	WordPress Plugin WPSchoolPress 2.1.16 – ‘Multiple’ Cross Site Scripting (XSS)	webapps	php	Davide Taraschi
2021-11-15	PHP Laravel 8.70.1 – Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)	webapps	php	Hosein Vita
2021-11-15	WordPress Plugin Contact Form to Email 1.3.24 – Stored Cross Site Scripting (XSS) (Authenticated)	webapps	php	Mohammed Aadhil Ashfaq
2021-11-12	Mumara Classic 2.93 – ‘license’ SQL Injection (Unauthenticated)	webapps	multiple	Shain Lakin
2021-11-12	Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation	local	windows	Marcio Mendes
2021-11-12	Xlight FTP 3.9.3.1 – Buffer Overflow (PoC)	dos	windows	Yehia Elghaly
2021-11-12	WordPress Plugin AccessPress Social Icons 1.8.2 – ‘icon title’ Stored Cross-Site Scripting (XSS)	webapps	php	Murat DEMİRCİ
2021-11-12	WordPress Plugin WP Symposium Pro 2021.10 – ‘wps_admin_forum_add_name’ Stored Cross-Site Scripting (XSS)	webapps	php	Murat DEMİRCİ
2021-11-11	FormaLMS 2.4.4 – Authentication Bypass	webapps	multiple	Cristian \'void\' Giustini
2021-11-11	Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3)	webapps	multiple	Valentin Lobstein
2021-11-11	AbsoluteTelnet 11.24 – ‘Phone’ Denial of Service (PoC)	dos	windows	Yehia Elghaly
2021-11-11	AbsoluteTelnet 11.24 – ‘Username’ Denial of Service (PoC)	dos	windows	Yehia Elghaly
2021-11-11	YeaLink SIP-TXXXP 53.84.0.15 – ‘cmd’ Command Injection (Authenticated)	webapps	hardware	tahaafarooq
2021-11-10	Employee and Visitor Gate Pass Logging System 1.0 – ‘name’ Stored Cross-Site Scripting (XSS)	webapps	php	İlhami Selamet
2021-11-10	Employee Daily Task Management System 1.0 – ‘Name’ Stored Cross-Site Scripting (XSS)	webapps	php	Ragavender A G
2021-11-08	FusionPBX 4.5.29 – Remote Code Execution (RCE) (Authenticated)	webapps	php	Luska
2021-11-08	zlog 1.2.15 – Buffer Overflow	local	multiple	LIWEI
2021-11-08	WordPress Plugin Backup and Restore 1.0.3 – Arbitrary File Deletion	webapps	php	Murat DEMİRCİ