Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

共24443Exploits
日期 标题 类型 平台 作者
2020-09-15

ThinkAdmin 6 – Arbitrarily File Read
  • webapps
  • php
    		• Hzllaga
    2020-09-14

    Joomla! paGO Commerce 2.5.9.0 – SQL Injection (Authenticated)
  • webapps
  • php
    		• Mehmet Kelepçe
    2020-09-14

    Pearson Vue VTS 2.3.1911 Installer – ‘VUEApplicationWrapper’ Unquoted Service Path
  • local
  • windows
    		• Jok3r
    2020-09-14

    RAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot)
  • webapps
  • hardware
    		• Jonatan Schor
    2020-09-14

    Rapid7 Nexpose Installer 6.6.39 – ‘nexposeengine’ Unquoted Service Path
  • local
  • windows
    		• LiquidWorm
    2020-09-14

    RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting
  • webapps
  • hardware
    		• Jonatan Schor
    2020-09-11

    Tea LaTex 1.0 – Remote Code Execution (Unauthenticated)
  • webapps
  • multiple
    		• nepska
    2020-09-11

    VTENEXT 19 CE – Remote Code Execution
  • webapps
  • multiple
    		• Marco Ruela
    2020-09-11

    Gnome Fonts Viewer 3.34.0 – Heap Corruption
  • local
  • linux
    		• Cody Winkler
    2020-09-10

    CuteNews 2.1.2 – Remote Code Execution
  • webapps
  • php
    		• Musyoka Ian
    2020-09-10

    Tiandy IPC and NVR 9.12.7 – Credential Disclosure
  • webapps
  • hardware
    		• zb3
    2020-09-10

    ZTE Router F602W – Captcha Bypass
  • webapps
  • hardware
    		• Hritik Vijay
    2020-09-09

    Scopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password)
  • webapps
  • java
    		• V1n1v131r4
    2020-09-09

    Tailor Management System – ‘id’ SQL Injection
  • webapps
  • php
    		• Mosaaed
    2020-09-09

    Audio Playback Recorder 3.2.2 – Local Buffer Overflow (SEH)
  • local
  • windows
    		• Felipe Winsnes
    2020-09-09

    Input Director 1.4.3 – ‘Input Director’ Unquoted Service Path
  • local
  • windows
    		• TOUHAMI Kasbaoui
    2020-09-08

    ShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path
  • local
  • windows
    		• alacerda
    2020-09-07

    ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)
  • webapps
  • java
    		• Hodorsec
    2020-09-07

    grocy 2.7.1 – Persistent Cross-Site Scripting
  • webapps
  • php
    		• Mufaddal Masalawala
    2020-09-07

    Cabot 0.11.12 – Persistent Cross-Site Scripting
  • webapps
  • multiple
    		• Abhiram V
    2020-09-04

    Nord VPN-6.31.13.0 – ‘nordvpn-service’ Unquoted Service Path
  • local
  • windows
    		• chipo
    2020-09-03

    BarracudaDrive v6.5 – Insecure Folder Permissions
  • local
  • windows
    		• boku
    2020-09-03

    SiteMagic CMS 4.4.2 – Arbitrary File Upload (Authenticated)
  • webapps
  • php
    		• V1n1v131r4
    2020-09-03

    Daily Tracker System 1.0 – Authentication Bypass
  • webapps
  • php
    		• Adeeb Shah
    2020-09-03

    BloodX CMS 1.0 – Authentication Bypass
  • webapps
  • php
    		• BKpatron
    2020-09-03

    Savsoft Quiz Enterprise Version 5.5 – Persistent Cross-Site Scripting
  • webapps
  • php
    		• Hemant Patidar
    2020-09-02

    Rukovoditel 2.7.1 – Remote Code Execution (2) (Authenticated)
  • webapps
  • php
    		• danyx07
    2020-09-02

    Stock Management System 1.0 – Cross-Site Request Forgery (Change Username)
  • webapps
  • php
    		• boku
    2020-09-01

    moziloCMS 2.0 – Persistent Cross-Site Scripting (Authenticated)
  • webapps
  • php
    		• Abdulkadir Kaya
    2020-09-01

    Mara CMS 7.5 – Remote Code Execution (Authenticated)
  • webapps
  • php
    		• 0blio_
    2020-08-31

    CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated)
  • webapps
  • php
    		• Luis Noriega
    2020-08-31

    Fuel CMS 1.4.8 – ‘fuel_replace_id’ SQL Injection (Authenticated)
  • webapps
  • php
    		• c0mpu7er
    2020-08-31

    Mara CMS 7.5 – Reflective Cross-Site Scripting
  • webapps
  • php
    		• George Tsimpidas
    2020-08-31

    BlazeDVD 7.0 Professional – ‘.plf’ Local Buffer Overflow (SEH,ASLR,DEP)
  • local
  • windows
    		• emalp
    2020-08-31

    Online Book Store 1.0 – ‘id’ SQL Injection
  • webapps
  • php
    		• Moaaz Taha
    2020-08-28

    Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation
  • webapps
  • hardware
    		• LiquidWorm
    2020-08-28

    SymphonyCMS 3.0.0 – Persistent Cross-Site Scripting
  • webapps
  • php
    		• SunCSR
    2020-08-28

    Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting
  • webapps
  • multiple
    		• Jinson Varghese Behanan
    2020-08-28

    Online Shopping Alphaware 1.0 – ‘id’ SQL Injection
  • webapps
  • php
    		• Moaaz Taha
    2020-08-27

    WordPress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated)
  • webapps
  • php
    		• SunCSR Team
    2020-08-27

    ASX to MP3 converter 3.1.3.7.2010.11.05 – ‘.wax’ Local Buffer Overflow (DEP,ASLR Bypass) (PoC)
  • local
  • windows
    		• Paras Bhatia
    2020-08-27

    Mida eFramework 2.9.0 – Remote Code Execution
  • webapps
  • multiple
    		• elbae
    2020-08-26

    Eibiz i-Media Server Digital Signage 3.8.0 – Directory Traversal
  • webapps
  • multiple
    		• LiquidWorm
    2020-08-26

    Ericom Access Server x64 9.2.0 – Server-Side Request Forgery
  • webapps
  • multiple
    		• hyp3rlinx
    2020-08-24

    Eibiz i-Media Server Digital Signage 3.8.0 – Configuration Disclosure
  • webapps
  • hardware
    		• LiquidWorm
    2020-08-24

    Eibiz i-Media Server Digital Signage 3.8.0 – Authentication Bypass
  • webapps
  • hardware
    		• LiquidWorm
    2020-08-24

    LimeSurvey 4.3.10 – ‘Survey Menu’ Persistent Cross-Site Scripting
  • webapps
  • php
    		• Matthew Aberegg
    2020-08-21

    Seowon SlC 130 Router – Remote Code Execution
  • webapps
  • hardware
    		• maj0rmil4d
    2020-08-21

    Complaint Management System 1.0 – ‘cid’ SQL Injection
  • webapps
  • php
    		• Mohamed Elobeid
    2020-08-20

    PNPSCADA 2.200816204020 – ‘interf’ SQL Injection (Authenticated)
  • webapps
  • hardware
    		• İsmail ERKEK