Exploits - Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers - 体验盒子

共24745Exploits

日期	标题	类型	平台	作者
2022-01-18	OpenBMCS 2.4 – Information Disclosure	webapps	php	LiquidWorm
2022-01-18	OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated)	webapps	php	LiquidWorm
2022-01-18	OpenBMCS 2.4 – Create Admin / Remote Privilege Escalation	webapps	php	LiquidWorm
2022-01-18	OpenBMCS 2.4 – SQLi (Authenticated)	webapps	php	LiquidWorm
2022-01-18	OpenBMCS 2.4 – Cross Site Request Forgery (CSRF)	webapps	php	LiquidWorm
2022-01-18	Online Resort Management System 1.0 – SQLi (Authenticated)	webapps	php	Gaurav Grover
2022-01-18	Archeevo 5.0 – Local File Inclusion	remote	windows	Miguel Santareno
2022-01-18	WorkTime 10.20 Build 4967 – Unquoted Service Path	local	windows	Yehia Elghaly
2022-01-13	Hospitals Patient Records Management System 1.0 – ‘doctors’ Stored Cross Site Scripting (XSS)	webapps	php	Sant268
2022-01-13	Hospitals Patient Records Management System 1.0 – ‘room_list’ Stored Cross Site Scripting (XSS)	webapps	php	Sant268
2022-01-13	Hospitals Patient Records Management System 1.0 – ‘room_types’ Stored Cross Site Scripting (XSS)	webapps	php	Sant268
2022-01-13	WordPress Core 5.8.2 – ‘WP_Query’ SQL Injection	webapps	php	Aryan Chehreghani
2022-01-13	Online Diagnostic Lab Management System 1.0 – SQL Injection (Unauthenticated)	webapps	php	Himash
2022-01-13	Online Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS)	webapps	php	Himash
2022-01-13	Online Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated)	webapps	php	Himash
2022-01-13	SalonERP 3.0.1 – ‘sql’ SQL Injection (Authenticated)	webapps	php	Betul Denizler
2022-01-12	WordPress Plugin Frontend Uploader 1.3.2 – Stored Cross Site Scripting (XSS) (Unauthenticated)	webapps	php	Veshraj Ghimire
2022-01-12	Microsoft Windows Defender – Detections Bypass	local	windows	hyp3rlinx
2022-01-12	Microsoft Windows .Reg File – Dialog Spoof / Mitigation Bypass	local	windows	hyp3rlinx
2022-01-10	CoreFTP Server build 725 – Directory Traversal (Authenticated)	remote	windows	LiamInfosec
2022-01-10	Open-AudIT Community 4.2.0 – Cross-Site Scripting (XSS) (Authenticated)	webapps	php	Dominic Clark
2022-01-10	VUPlayer 2.49 – ‘.wax’ Local Buffer Overflow (DEP Bypass)	local	windows	Bryan Leong
2022-01-10	Online Railway Reservation System 1.0 – ‘Multiple’ Stored Cross Site Scripting (XSS) (Unauthenticated)	webapps	php	Zachary Asher
2022-01-10	Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated)	webapps	php	Zachary Asher
2022-01-10	Online Railway Reservation System 1.0 – Remote Code Execution (RCE) (Unauthenticated)	webapps	php	Zachary Asher
2022-01-10	Online Railway Reservation System 1.0 – ‘id’ SQL Injection (Unauthenticated)	webapps	php	twseptian
2022-01-10	HTTP Commander 3.1.9 – Stored Cross Site Scripting (XSS)	webapps	windows	Oscar Sandén
2022-01-07	Online Veterinary Appointment System 1.0 – ‘Multiple’ SQL Injection	webapps	php	twseptian
2022-01-05	Automox Agent 32 – Local Privilege Escalation	local	windows	Greg Foss
2022-01-05	SAFARI Montage 8.5 – Reflected Cross Site Scripting (XSS)	webapps	php	Momen Eldawakhly
2022-01-05	Projeqtor v9.3.1 – Stored Cross Site Scripting (XSS)	webapps	php	Oscar Gil Gutierrez
2022-01-05	Library System in PHP 1.0 – ‘publisher name’ Stored Cross-Site Scripting (XSS)	webapps	php	Akash Patil
2022-01-05	Gerapy 0.9.7 – Remote Code Execution (RCE) (Authenticated)	remote	Python	Jeremiasz Pluta
2022-01-05	WordPress Plugin The True Ranker 2.2.2 – Arbitrary File Read (Unauthenticated)	webapps	php	Liad Levy
2022-01-05	Dixell XWEB 500 – Arbitrary File Write	remote	hardware	Roberto Palamaro
2022-01-05	Online Admission System 1.0 – Remote Code Execution (RCE) (Unauthenticated)	webapps	php	Jeremiasz Pluta
2022-01-05	TermTalk Server 3.24.0.2 – Arbitrary File Read (Unauthenticated)	remote	windows	Fabiano Golluscio
2022-01-05	Movie Rating System 1.0 – SQLi to RCE (Unauthenticated)	webapps	php	Tagoletta
2022-01-05	openSIS Student Information System 8.0 – ‘multiple’ SQL Injection	webapps	php	securityforeveryone.com
2022-01-05	Movie Rating System 1.0 – Broken Access Control (Admin Account Creation) (Unauthenticated)	webapps	php	Tagoletta
2022-01-05	Vodafone H-500-s 3.5.10 – WiFi Password Disclosure	webapps	hardware	Daniel Monzón
2022-01-05	Accu-Time Systems MAXIMUS 1.0 – Telnet Remote Buffer Overflow (DoS)	remote	hardware	Yehia Elghaly
2022-01-05	Terramaster TOS 4.2.15 – Remote Code Execution (RCE) (Unauthenticated)	webapps	php	n0tme
2022-01-05	WordPress Plugin WP Visitor Statistics 4.7 – SQL Injection	webapps	php	Ron Jost
2022-01-05	Virtual Airlines Manager 2.6.2 – ‘multiple’ SQL Injection	webapps	php	Milad karimi
2022-01-05	ConnectWise Control 19.2.24707 – Username Enumeration	remote	multiple	Luca Cuzzolin
2022-01-05	TRIGONE Remote System Monitor 3.61 – Unquoted Service Path	local	windows	Yehia Elghaly
2022-01-05	WordPress Plugin Contact Form Entries 1.1.6 – Cross Site Scripting (XSS) (Unauthenticated)	webapps	php	Gaetano Perrone
2022-01-05	BeyondTrust Remote Support 6.0 – Reflected Cross-Site Scripting (XSS) (Unauthenticated)	webapps	multiple	Malcrove
2022-01-05	RiteCMS 3.1.0 – Remote Code Execution (RCE) (Authenticated)	webapps	php	faisalfs10x