Exploits - Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers - 体验盒子

共24745Exploits

日期	标题	类型	平台	作者
2021-10-25	Engineers Online Portal 1.0 – ‘multiple’ Stored Cross-Site Scripting (XSS)	webapps	php	Alon Leviev
2021-10-25	Online Event Booking and Reservation System 1.0 – ‘reason’ Stored Cross-Site Scripting (XSS)	webapps	php	Alon Leviev
2021-10-25	Gestionale Open 11.00.00 – Local Privilege Escalation	local	windows	Alessandro Salzano
2021-10-25	OpenClinic GA 5.194.18 – Local Privilege Escalation	local	windows	Alessandro Salzano
2021-10-25	Balbooa Joomla Forms Builder 2.0.6 – SQL Injection (Unauthenticated)	webapps	php	blockomat2100
2021-10-25	Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (2)	webapps	multiple	ThelastVvV
2021-10-25	Build Smart ERP 21.0817 – ‘eidValue’ SQL Injection (Unauthenticated)	webapps	asp	Nehru Sethuraman
2021-10-25	Engineers Online Portal 1.0 – File Upload Remote Code Execution (RCE)	webapps	php	SadKris
2021-10-25	Netgear Genie 2.4.64 – Unquoted Service Path	local	windows	Mert Daş
2021-10-25	WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated)	webapps	php	Akash Patil
2021-10-22	Online Course Registration 1.0 – Blind Boolean-Based SQL Injection (Authenticated)	webapps	php	Sam Ferguson
2021-10-22	Clinic Management System 1.0 – SQL injection to Remote Code Execution	webapps	php	Pablo Santiago
2021-10-22	Jetty 9.4.37.v20210219 – Information Disclosure	webapps	java	Mayank Deshmukh
2021-10-21	Easy Chat Server 3.1 – Directory Traversal and Arbitrary File Read	webapps	windows	z4nd3r
2021-10-21	Small CRM 3.0 – ‘description’ Stored Cross-Site Scripting (XSS)	webapps	php	Ghuliev
2021-10-21	NIMax 5.3.1f0 – ‘VISA Alias’ Denial of Service (PoC)	dos	windows	LinxzSec
2021-10-21	NIMax 5.3.1 – ‘Remote VISA System’ Denial of Service (PoC)	dos	windows	LinxzSec
2021-10-20	Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation	webapps	php	Oscar Gil Gutierrez
2021-10-20	Macro Expert 4.7 – Unquoted Service Path	local	windows	Mert Daş
2021-10-20	SonicWall SMA 10.2.1.0-17sv – Password Reset	webapps	hardware	Jacob Baines
2021-10-19	Online Motorcycle (Bike) Rental System 1.0 – Blind Time-Based SQL Injection (Unauthenticated)	webapps	php	Chase Comardelle
2021-10-19	myfactory FMS 7.1-911 – ‘Multiple’ Reflected Cross-Site Scripting (XSS)	webapps	multiple	RedTeam Pentesting GmbH
2021-10-19	WordPress Theme Enfold 4.8.3 – Reflected Cross-Site Scripting (XSS)	webapps	php	David Álvarez Robles
2021-10-18	Company’s Recruitment Management System 1.0. – ‘title’ Stored Cross-Site Scripting (XSS)	webapps	php	Aniket Deshmane
2021-10-18	WordPress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read	webapps	php	nam3lum
2021-10-18	Support Board 3.3.4 – ‘Message’ Stored Cross-Site Scripting (XSS)	webapps	php	John Jefferson Li
2021-10-18	Plastic SCM 10.0.16.5622 – WebAdmin Server Access	webapps	multiple	Basavaraj Banakar
2021-10-18	Company’s Recruitment Management System 1.0 – ‘Add New user’ Cross-Site Request Forgery (CSRF)	webapps	php	Aniket Deshmane
2021-10-18	Company’s Recruitment Management System 1.0 – ‘description’ Stored Cross-Site Scripting (XSS)	webapps	php	Aniket Deshmane
2021-10-18	Mitsubishi Electric & INEA SmartRTU – Reflected Cross-Site Scripting (XSS)	webapps	hardware	Hamit CİBO
2021-10-18	Mitsubishi Electric & INEA SmartRTU – Source Code Disclosure	webapps	hardware	Hamit CİBO
2021-10-15	i-Panel Administration System 2.0 – Reflected Cross-site Scripting (XSS)	webapps	php	Forster Chiu
2021-10-14	SolarWinds Kiwi CatTools 3.11.8 – Unquoted Service Path	local	windows	Mert Daş
2021-10-14	TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated)	webapps	php	Mert Daş
2021-10-13	Online Learning System 2.0 – ‘Multiple’ SQLi Authentication Bypass	webapps	php	Blackhan
2021-10-13	Pharmacy Point of Sale System 1.0 – ‘Add New User’ Cross-Site Request Forgery (CSRF)	webapps	php	Murat DEMİRCİ
2021-10-13	Cypress Solutions CTM-200 2.7.1 – Root Remote OS Command Injection	remote	hardware	LiquidWorm
2021-10-13	Cypress Solutions CTM-200/CTM-ONE – Hard-coded Credentials Remote Root (Telnet/SSH)	remote	hardware	LiquidWorm
2021-10-13	Apache HTTP Server 2.4.50 – Path Traversal & Remote Code Execution (RCE)	webapps	multiple	Lucas Souza
2021-10-13	Keycloak 12.0.1 – ‘request_uri ‘ Blind Server-Side Request Forgery (SSRF) (Unauthenticated)	webapps	java	Mayank Deshmukh
2021-10-13	Company’s Recruitment Management System 1.0 – ‘Multiple’ SQL Injection (Unauthenticated)	webapps	php	Yash Mahajan
2021-10-13	Simple Payroll System 1.0 – SQLi Authentication Bypass	webapps	php	Yash Mahajan
2021-10-13	Sonicwall SonicOS 7.0 – Host Header Injection	webapps	hardware	Ramikan
2021-10-13	Logitech Media Server 8.2.0 – ‘Title’ Cross-Site Scripting (XSS)	webapps	multiple	Mert Daş
2021-10-13	Student Quarterly Grading System 1.0 – ‘grade’ Stored Cross-Site Scripting (XSS)	webapps	php	Hüseyin Serkan Balkanli
2021-10-13	Simple Issue Tracker System 1.0 – SQLi Authentication Bypass	webapps	php	Bekir Bugra TURKOGLU
2021-10-08	Loan Management System 1.0 – SQLi Authentication Bypass	webapps	php	Merve Oral
2021-10-08	Cmder Console Emulator 1.3.18 – ‘Cmder.exe’ Denial of Service (PoC)	local	windows	Aryan Chehreghani
2021-10-08	Online Employees Work From Home Attendance System 1.0 – SQLi Authentication Bypass	webapps	php	Merve Oral
2021-10-08	Online Enrollment Management System 1.0 – Authentication Bypass	webapps	php	Amine ismail