Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

24443 exploits in total
Date Title Type Platform Author
2021-06-28

Netgear WNAP320 2.0.3 – ‘macAddress’ Remote Code Execution (RCE) (Unauthenticated)

  • webapps
  • hardware
  • Bryan Leong
    2021-06-28

    Atlassian Jira Server Data Center 8.16.0 – Reflected Cross-Site Scripting (XSS)

  • webapps
  • macos
  • Captain_hook
    2021-06-28

    WordPress Plugin YOP Polls 6.2.7 – Stored Cross Site Scripting (XSS)

  • webapps
  • php
  • Toby Jackson
    2021-06-25

    Seeddms 5.1.10 – Remote Command Execution (RCE) (Authenticated)

  • webapps
  • php
  • Bryan Leong
    2021-06-25

    SAPSprint 7.60 – ‘SAPSprint’ Unquoted Service Path

  • local
  • windows
  • Brian Rodriguez
    2021-06-25

    Lightweight facebook-styled blog 1.3 – Remote Code Execution (RCE) (Authenticated) (Metasploit)

  • webapps
  • php
  • Maide Ilkay Aydogdu
    2021-06-25

    Simple Client Management System 1.0 – ‘uemail’ SQL Injection (Unauthenticated)

  • webapps
  • php
  • Barış Yıldızoğlu
    2021-06-24

    TP-Link TL-WR841N – Command Injection

  • webapps
  • hardware
  • Koh You Liang
    2021-06-24

    Adobe ColdFusion 8 – Remote Command Execution (RCE)

  • webapps
  • cfm
  • Pergyz
    2021-06-24

    VMware vCenter Server 7.0 – Remote Code Execution (RCE) (Unauthenticated)

  • webapps
  • multiple
  • CHackA0101
    2021-06-23

    Simple CRM 3.0 – ‘email’ SQL injection (Authentication Bypass)

  • webapps
  • php
  • Rinku Kumar
    2021-06-23

    Online Library Management System 1.0 – Arbitrary File Upload Remote Code Execution (Unauthenticated)

  • webapps
  • php
  • Berk Can Geyikci
    2021-06-23

    Online Library Management System 1.0 – ‘Search’ SQL Injection

  • webapps
  • php
  • Berk Can Geyikci
    2021-06-23

    WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 – ‘date_answers’ Blind SQL Injection

  • webapps
  • php
  • Toby Jackson
    2021-06-23

    WordPress Plugin WP Google Maps 8.1.11 – Stored Cross-Site Scripting (XSS)

  • webapps
  • php
  • Mohammed Adam
    2021-06-22

    Phone Shop Sales Managements System 1.0 – Insecure Direct Object Reference (IDOR)

  • webapps
  • php
  • Pratik Khalane
    2021-06-22

    Responsive Tourism Website 3.1 – Remote Code Execution (RCE) (Unauthenticated)

  • webapps
  • php
  • Tagoletta
    2021-06-21

    Simple CRM 3.0 – ‘Change user information’ Cross-Site Request Forgery (CSRF)

  • webapps
  • php
  • Riadh Benlamine
    2021-06-21

    Websvn 2.6.0 – Remote Code Execution (Unauthenticated)

  • webapps
  • php
  • g0ldm45k
    2021-06-21

    iFunbox 4.2 – ‘Apple Mobile Device Service’ Unquoted Service Path

  • local
  • windows
  • Julio Aviña
    2021-06-21

    Solaris SunSSH 11.0 x86 – libpam Remote Root (3)

  • remote
  • solaris
  • Nathaniel Singer
    2021-06-21

    Wise Care 365 5.6.7.568 – ‘WiseBootAssistant’ Unquoted Service Path

  • local
  • windows
  • Julio Aviña
    2021-06-21

    OpenEMR 5.0.1.7 – ‘fileName’ Path Traversal (Authenticated)

  • webapps
  • php
  • Ron Jost
    2021-06-21

    Remote Mouse GUI 3.008 – Local Privilege Escalation

  • local
  • windows
  • Salman Asad
    2021-06-21

    Customer Relationship Management System (CRM) 1.0 – Remote Code Execution

  • webapps
  • php
  • Ishan Saha
    2021-06-21

    Lexmark Printer Software G2 Installation Package 1.8.0.0 – ‘LM__bdsvc’ Unquoted Service Path

  • local
  • windows
  • Julio Aviña
    2021-06-21

    Simple CRM 3.0 – ‘name’ Stored Cross site scripting (XSS)

  • webapps
  • php
  • Riadh Benlamine
    2021-06-18

    Node.JS – ‘node-serialize’ Remote Code Execution (3)

  • webapps
  • nodejs
  • Beren Kuday GÖRÜN
    2021-06-18

    Dlink DSL2750U – ‘Reboot’ Command Injection

  • remote
  • hardware
  • Mohammed Hadi
    2021-06-18

    ICE Hrm 29.0.0.OS – ‘xml upload’ Stored Cross-Site Scripting (XSS)

  • webapps
  • php
  • Piyush Patil
    2021-06-18

    ICE Hrm 29.0.0.OS – ‘Account Takeover’ Cross-Site Request Forgery (CSRF)

  • webapps
  • php
  • Piyush Patil
    2021-06-17

    Sync Breeze 13.6.18 – ‘Multiple’ Unquoted Service Path

  • local
  • windows
  • Brian Rodriguez
    2021-06-17

    Unified Office Total Connect Now 1.0 – ‘data’ SQL Injection

  • webapps
  • php
  • Ajaikumar Nadar
    2021-06-17

    Online Shopping Portal 3.1 – Remote Code Execution (Unauthenticated)

  • webapps
  • php
  • Tagoletta
    2021-06-17

    Workspace ONE Intelligent Hub 20.3.8.0 – ‘VMware Hub Health Monitoring Service’ Unquoted Service Path

  • local
  • windows
  • Ismael Nava
    2021-06-17

    Zoho ManageEngine ServiceDesk Plus MSP 9.4 – User Enumeration

  • webapps
  • java
  • Ricardo Ruiz
    2021-06-17

    VX Search 13.5.28 – ‘Multiple’ Unquoted Service Path

  • local
  • windows
  • Brian Rodriguez
    2021-06-17

    Dup Scout 13.5.28 – ‘Multiple’ Unquoted Service Path

  • local
  • windows
  • Brian Rodriguez
    2021-06-17

    Disk Savvy 13.6.14 – ‘Multiple’ Unquoted Service Path

  • local
  • windows
  • Brian Rodriguez
    2021-06-16

    CKEditor 3 – Server-Side Request Forgery (SSRF)

  • webapps
  • php
  • ahmed
    2021-06-16

    Teachers Record Management System 1.0 – ‘email’ Stored Cross-site Scripting (XSS)

  • webapps
  • php
  • nhattruong
    2021-06-16

    Teachers Record Management System 1.0 – ‘Multiple’ SQL Injection (Authenticated)

  • webapps
  • php
  • nhattruong
    2021-06-16

    OpenEMR 5.0.1.3 – Authentication Bypass

  • webapps
  • php
  • Ron Jost
    2021-06-16

    Cotonti Siena 0.9.19 – ‘maintitle’ Stored Cross-Site Scripting

  • webapps
  • php
  • Fatih İLGİN
    2021-06-16

    Disk Sorter Enterprise 13.6.12 – ‘Disk Sorter Enterprise’ Unquoted Service Path

  • local
  • windows
  • BRushiran
    2021-06-16

    Disk Sorter Server 13.6.12 – ‘Disk Sorter Server’ Unquoted Service Path

  • local
  • windows
  • BRushiran
    2021-06-16

    DiskPulse 13.6.14 – ‘Multiple’ Unquoted Service Path

  • local
  • windows
  • Brian Rodriguez
    2021-06-15

    Polkit 0.105-26 0.117-2 – Local Privilege Escalation

  • local
  • linux
  • J Smith
    2021-06-15

    Brother BRAgent 1.38 – ‘WBA_Agent_Client’ Unquoted Service Path

  • local
  • windows
  • Brian Rodriguez
    2021-06-15

    SysGauge 7.9.18 – ‘ SysGauge Server’ Unquoted Service Path

  • local
  • windows
  • Brian Rodriguez