multiple

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers / Vulnerability Database

| Date | Title | Category | Author |
|------|-------|----------|--------|
| 2018-01-28 | Werkzeug – ‘Debug Shell’ Command Execution | remote | Ali BawazeEer |
| 2018-01-28 | Artifex MuJS 1.0.2 – Integer Overflow | dos | Andrea Sindoni |
| 2018-01-28 | Artifex MuJS 1.0.2 – Denial of Service | dos | Andrea Sindoni |
| 2018-01-26 | BMC BladeLogic 8.3.00.64 – Remote Command Execution | remote | Paul Taylor |
| 2018-01-24 | Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape | local | SecuriTeam |
| 2018-01-24 | GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit) | remote | Metasploit |
| 2018-01-23 | NEC Univerge SV9100/SV8100 WebPro 10.0 – Configuration Download | webapps | LiquidWorm |
| 2018-01-15 | DarkComet (C2 Server) – File Upload | webapps | Pseudo Laboratories |
| 2018-01-11 | Transmission – RPC DNS Rebinding | remote | Google Security Research |
| 2018-01-10 | Parity Browser < 1.6.10 - Bypass Same Origin Policy | local | tintinweb |
| 2018-01-10 | SAP NetWeaver J2EE Engine 7.40 – SQL Injection | webapps | Vahagn Vardanyan |
| 2018-01-03 | Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution | remote | Kevin Kirsche |
| 2018-01-03 | Multiple CPUs – ‘Spectre’ Information Disclosure | local | Multiple |
| 2018-01-03 | EMC xPression 4.5SP1 Patch 13 – ‘model.jobHistoryId’ SQL Injection | webapps | Pawel Gocyla |
| 2017-12-27 | SAP BusinessObjects launch pad – Server-Side Request Forgery | webapps | Ahmad Mahfouz |
| 2017-12-26 | Oracle WebLogic Server 10.3.6.0.0 / 12.x – Remote Command Execution | remote | 1337g |
| 2017-12-22 | Vitek – Remote Command Execution / Information Disclosure (PoC) | remote | bashis |
| 2017-12-20 | Ability Mail Server 3.3.2 – Cross-Site Scripting | webapps | Aloyce J. Makalanga |
| 2017-12-20 | Conarc iChannel – Improper Access Restrictions | webapps | Information Paradox |
| 2017-12-19 | Trend Micro Smart Protection Server – Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control | remote | CoreLabs |
| 2017-12-19 | Jenkins – XStream Groovy classpath Deserialization (Metasploit) | remote | Metasploit |
| 2017-12-14 | Multiple OEM – ‘nsd’ Remote Stack Format String (PoC) | dos | bashis |
| 2017-12-13 | vBulletin 5.x – ‘routestring’ Remote Code Execution | webapps | SecuriTeam |
| 2017-12-13 | vBulletin 5.x – ‘cacheTemplates’ Remote Arbitrary File Deletion | webapps | SecuriTeam |