Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

24443 exploits in total
| Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2021-01-07 | iBall-Baton WRA150N Rom-0 Backup – File Disclosure (Sensitive Information) | webapps | hardware | h4cks1n |
| 2021-01-07 | CRUD Operation 1.0 – Multiple Stored XSS | webapps | php | Arnav Tripathy |
| 2021-01-07 | ECSIMAGING PACS 6.21.5 – SQL injection | webapps | php | shoxxdj |
| 2021-01-07 | Curfew e-Pass Management System 1.0 – Stored XSS | webapps | php | Arnav Tripathy |
| 2021-01-07 | Cockpit CMS 0.6.1 – Remote Code Execution | webapps | php | Rafael Resende |
| 2021-01-07 | Employee Record System 1.0 – Unrestricted File Upload to Remote Code Execution | webapps | php | Saeed Bala Ahmed |
| 2021-01-07 | ECSIMAGING PACS 6.21.5 – Remote code execution | webapps | php | shoxxdj |
| 2021-01-06 | Advanced Webhost Billing System 3.7.0 – Cross-Site Request Forgery (CSRF) | webapps | php | Rahul Ramakant Singh |
| 2021-01-06 | Sonatype Nexus 3.21.1 – Remote Code Execution (Authenticated) | webapps | java | 1F98D |
| 2021-01-06 | H2 Database 1.4.199 – JNI Code Execution | local | java | 1F98D |
| 2021-01-06 | Gitea 1.7.5 – Remote Code Execution | webapps | multiple | 1F98D |
| 2021-01-06 | PaperStream IP (TWAIN) 1.42.0.5685 – Local Privilege Escalation | local | windows | 1F98D |
| 2021-01-06 | Resumes Management and Job Application Website 1.0 – RCE (Unauthenticated) | webapps | php | Arnav Tripathy |
| 2021-01-06 | WinAVR Version 20100110 – Insecure Folder Permissions | local | windows | Mohammed Alshehri |
| 2021-01-06 | Newgen Correspondence Management System (corms) eGov 12.0 – IDOR | webapps | multiple | ALI AL SINAN |
| 2021-01-06 | WordPress Plugin WP24 Domain Check 1.6.2 – ‘fieldnameDomain’ Stored Cross Site Scripting | webapps | php | Mehmet Kelepçe |
| 2021-01-06 | Responsive E-Learning System 1.0 – Stored Cross Site Scripting | webapps | php | Kshitiz Raj |
| 2021-01-06 | Responsive E-Learning System 1.0 – Unrestricted File Upload to RCE | webapps | php | Kshitiz Raj |
| 2021-01-06 | WordPress Plugin litespeed cache 3.6 – ‘server_ip’ Cross-Site Scripting | webapps | php | Nhat Ha |
| 2021-01-06 | Expense Tracker 1.0 – ‘Expense Name’ Stored Cross-Site Scripting | webapps | php | Shivam Verma |
| 2021-01-06 | IPeakCMS 3.5 – Boolean-based blind SQLi | webapps | multiple | MoeAlBarbari |
| 2021-01-06 | IObit Uninstaller 10 Pro – Unquoted Service Path | local | windows | Mayur Parmar |
| 2021-01-06 | dirsearch 0.4.1 – CSV Injection | local | Python | Dolev Farhi |
| 2021-01-05 | EgavilanMedia User Registration & Login System with Admin Panel 1.0 – Persistent Cross-Site Scripting | webapps | multiple | Mesut Cetin |
| 2021-01-05 | Klog Server 2.4.1 – Command Injection (Unauthenticated) | webapps | php | B3KC4T |
| 2021-01-05 | Online Learning Management System 1.0 – RCE (Authenticated) | webapps | php | Bedri Sertkaya |
| 2021-01-05 | Online Movie Streaming 1.0 – Authentication Bypass | webapps | php | Kshitiz Raj |
| 2021-01-05 | CSZ CMS 1.2.9 – Multiple Cross-Site Scripting | webapps | php | SunCSR |
| 2021-01-05 | WordPress Plugin WP-Paginate 2.1.3 – ‘preset’ Stored XSS | webapps | php | Park Won Seok |
| 2021-01-05 | Fluentd TD-agent plugin 4.0.1 – Insecure Folder Permission | local | windows | Adrian Bondocea |
| 2021-01-05 | WordPress Plugin Stripe Payments 2.0.39 – ‘AcceptStripePayments-settings[currency_code]’ Stored XSS | webapps | php | Park Won Seok |
| 2021-01-05 | Cassandra Web 0.5.0 – Remote File Read | webapps | linux | Jeremy Brown |
| 2021-01-05 | Resumes Management and Job Application Website 1.0 – Authentication Bypass | webapps | php | Kshitiz Raj |
| 2021-01-05 | HPE Edgeline Infrastructure Manager 1.0 – Multiple Remote Vulnerabilities | webapps | multiple | Jeremy Brown |
| 2021-01-05 | IncomCMS 2.0 – Insecure File Upload | webapps | multiple | MoeAlBarbari |
| 2021-01-05 | Zoom Meeting Connector 4.6.239.20200613 – Remote Root Exploit (Authenticated) | webapps | linux | Jeremy Brown |
| 2021-01-05 | Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 – ‘IAANTMON’ Unquoted Service Path | local | windows | Geovanni Ruiz |
| 2021-01-05 | Responsive FileManager 9.13.4 – ‘path’ Path Traversal | webapps | php | Sun* Cyber Security Research Team |
| 2021-01-05 | Baby Care System 1.0 – ‘Post title’ Stored XSS | webapps | php | Hardik Solanki |
| 2021-01-05 | Responsive E-Learning System 1.0 – ‘id’ Sql Injection | webapps | php | Kshitiz Raj |
| 2021-01-04 | Knockpy 4.1.1 – CSV Injection | local | Python | Dolev Farhi |
| 2021-01-04 | Mantis Bug Tracker 2.24.3 – ‘access’ SQL Injection | webapps | php | EthicalHCOP |
| 2021-01-04 | 4images v1.7.11 – ‘Profile Image’ Stored Cross-Site Scripting | webapps | php | Ritesh Gohil |
| 2021-01-04 | WordPress Core 5.2.2 – ‘post previews’ XSS | webapps | php | gx1 |
| 2021-01-04 | Easy CD & DVD Cover Creator 4.13 – Denial of Service (PoC) | dos | windows | stresser |
| 2021-01-04 | MiniTool ShadowMaker 3.2 – ‘MTAgentService’ Unquoted Service Path | local | windows | Thalia Nieto |
| 2021-01-04 | Arteco Web Client DVR/NVR – ‘SessionId’ Brute Force | webapps | windows | LiquidWorm |
| 2021-01-04 | Click2Magic 1.1.5 – Stored Cross-Site Scripting | webapps | multiple | Shivam Verma |
| 2021-01-04 | Subrion CMS 4.2.1 – ‘avatar[path]’ XSS | webapps | php | icekam |
| 2021-01-04 | CMS Made Simple 2.2.15 – RCE (Authenticated) | webapps | php | Andrey Stoykov |