Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

共24443Exploits
日期 标题 类型 平台 作者
2024-11-15

SOPlanning 1.52.01 (Simple Online Planning Tool) – Remote Code Execution (RCE) (Authenticated)
  • webapps
  • php
    		• cybersploit
    2024-10-01

    reNgine 2.2.0 – Command Injection (Authenticated)
  • webapps
  • multiple
    		• Caner Tercan
    2024-10-01

    openSIS 9.1 – SQLi (Authenticated)
  • webapps
  • php
    		• Devrim Dıragumandan
    2024-10-01

    dizqueTV 1.5.3 – Remote Code Execution (RCE)
  • webapps
  • jsp
    		• Ahmed Said Saud Al-Busaidi
    2024-08-28

    NoteMark < 0.13.0 - Stored XSS
  • webapps
  • multiple
    		• Alessio Romano (sfoffo)
    2024-08-28

    Gitea 1.22.0 – Stored XSS
  • webapps
  • multiple
    		• Catalin Iovita, Alexandru Postolache
    2024-08-28

    Invesalius3 – Remote Code Execution
  • webapps
  • Python
    		• Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
    2024-08-28

    Windows TCP/IP – RCE Checker and Denial of Service
  • dos
  • windows
    		• Photubias
    2024-08-24

    Aurba 501 – Authenticated RCE
  • webapps
  • linux
    		• Hosein Vita
    2024-08-24

    HughesNet HT2000W Satellite Modem – Password Reset
  • webapps
  • hardware
    		• Simon Greenblatt
    2024-08-24

    Elber Wayber Analog/Digital Audio STL 4.00 – Device Config Disclosure
  • webapps
  • hardware
    		• LiquidWorm
    2024-08-24

    Elber Wayber Analog/Digital Audio STL 4.00 – Authentication Bypass
  • webapps
  • hardware
    		• LiquidWorm
    2024-08-24

    Elber ESE DVB-S/S2 Satellite Receiver 1.5.x – Device Config
  • webapps
  • hardware
    		• LiquidWorm
    2024-08-24

    Elber ESE DVB-S/S2 Satellite Receiver 1.5.x – Authentication Bypass
  • webapps
  • hardware
    		• LiquidWorm
    2024-08-23

    Helpdeskz v2.0.2 – Stored XSS
  • webapps
  • php
    		• Md. Sadikul Islam
    2024-08-23

    Calibre-web 0.6.21 – Stored XSS
  • webapps
  • multiple
    		• Catalin Iovita, Alexandru Postolache
    2024-08-04

    Devika v1 – Path Traversal via ‘snapshot_path’
  • webapps
  • Python
    		• Alperen Ergel
    2024-08-04

    Genexus Protection Server 9.7.2.10 – ‘protsrvservice’ Unquoted Service Path
  • local
  • windows
    		• SamAlucard
    2024-08-04

    SolarWinds Kiwi Syslog Server 9.6.7.1 – Unquoted Service Path
  • local
  • windows
    		• Milad karimi
    2024-08-04

    Oracle Database 12c Release 1 – Unquoted Service Path
  • local
  • windows
    		• Milad karimi
    2024-08-04

    Ivanti vADC 9.9 – Authentication Bypass
  • webapps
  • multiple
    		• ohnoisploited
    2024-07-16

    Bonjour Service ‘mDNSResponder.exe’ – Unquoted Service Path Privilege Escalation
  • local
  • windows
    		• bios
    2024-07-01

    Microweber 2.0.15 – Stored XSS
  • webapps
  • php
    		• tmrswrr
    2024-07-01

    Customer Support System 1.0 – Stored XSS
  • webapps
  • php
    		• Geraldo Alcantara
    2024-07-01

    Xhibiter NFT Marketplace 1.10.2 – SQL Injection
  • webapps
  • php
    		• Sohel Yousef
    2024-07-01

    Azon Dominator Affiliate Marketing Script – SQL Injection
  • webapps
  • php
    		• Buğra Enis Dönmez
    2024-06-26

    Automad 2.0.0-alpha.4 – Stored Cross-Site Scripting (XSS)
  • webapps
  • php
    		• Jerry Thomas
    2024-06-26

    SolarWinds Platform 2024.1 SR1 – Race Condition
  • webapps
  • multiple
    		• Elhussain Fathy
    2024-06-26

    Flatboard 3.2 – Stored Cross-Site Scripting (XSS) (Authenticated)
  • webapps
  • php
    		• tmrswrr
    2024-06-26

    Poultry Farm Management System v1.0 – Remote Code Execution (RCE)
  • webapps
  • php
    		• Jerry Thomas
    2024-06-14

    Boelter Blue System Management 1.3 – SQL Injection
  • webapps
  • php
    		• CBKB
    2024-06-14

    WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS) (Authenticated)
  • webapps
  • php
    		• Onur Göğebakan
    2024-06-14

    PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
  • webapps
  • php
    		• Yesith Alvarez
    2024-06-14

    AEGON LIFE v1.0 Life Insurance Management System – SQL injection vulnerability.
  • webapps
  • php
    		• Aslam Anwar Mahimkar
    2024-06-14

    XMB 1.9.12.06 – Stored XSS
  • webapps
  • php
    		• Chokri Hammedi
    2024-06-14

    Carbon Forum 5.9.0 – Stored XSS
  • webapps
  • php
    		• Chokri Hammedi
    2024-06-14

    AEGON LIFE v1.0 Life Insurance Management System – Stored cross-site scripting (XSS)
  • webapps
  • php
    		• Aslam Anwar Mahimkar
    2024-06-03

    Monstra CMS 3.0.4 – Remote Code Execution (RCE)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-06-03

    Dotclear 2.29 – Remote Code Execution (RCE)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-06-03

    Serendipity 2.5.0 – Remote Code Execution (RCE)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-06-03

    Sitefinity 15.0 – Cross-Site Scripting (XSS)
  • webapps
  • multiple
    		• Aldi Saputra Wahyudi
    2024-06-03

    appRain CMF 4.0.5 – Remote Code Execution (RCE) (Authenticated)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-06-03

    CMSimple 5.15 – Remote Code Execution (RCE) (Authenticated)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-06-03

    WBCE CMS v1.6.2 – Remote Code Execution (RCE)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-06-01

    FreePBX 16 – Remote Code Execution (RCE) (Authenticated)
  • webapps
  • php
    		• Cold z3ro
    2024-06-01

    Akaunting 3.1.8 – Server-Side Template Injection (SSTI)
  • webapps
  • php
    		• tmrswrr
    2024-05-31

    Check Point Security Gateway – Information Disclosure (Unauthenticated)
  • webapps
  • hardware
    		• Yesith Alvarez
    2024-05-31

    Aquatronica Control System 5.1.6 – Information Disclosure
  • webapps
  • hardware
    		• LiquidWorm
    2024-05-31

    changedetection < 0.45.20 - Remote Code Execution (RCE)
  • webapps
  • multiple
    		• Zach Crosman (zcrosman)
    2024-05-31

    ElkArte Forum 1.1.9 – Remote Code Execution (RCE) (Authenticated)
  • webapps
  • php
    		• tmrswrr