Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

共24443Exploits
日期 标题 类型 平台 作者
2024-05-31

iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
  • webapps
  • php
    		• Gabriel Felipe
    2024-05-31

    BWL Advanced FAQ Manager 2.0.3 – Authenticated SQL Injection
  • webapps
  • php
    		• Ivan Spiridonov
    2024-05-19

    htmlLawed 1.2.5 – Remote Code Execution (RCE)
  • webapps
  • php
    		• Miguel Redondo
    2024-05-19

    PopojiCMS 2.0.1 – Remote Command Execution (RCE)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-05-19

    Backdrop CMS 1.27.1 – Authenticated Remote Command Execution (RCE)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-05-19

    Apache OFBiz 18.12.12 – Directory Traversal
  • webapps
  • java
    		• Abdualhadi khalifa
    2024-05-19

    WordPress Theme XStore 9.3.8 – SQLi
  • webapps
  • php
    		• Abdualhadi khalifa
    2024-05-19

    Rocket LMS 1.9 – Persistent Cross Site Scripting (XSS)
  • webapps
  • php
    		• Sergio Medeiros
    2024-05-13

    Prison Management System – SQL Injection Authentication Bypass
  • webapps
  • php
    		• Sanjay Singh
    2024-05-13

    PyroCMS v3.0.1 – Stored XSS
  • webapps
  • php
    		• tmrswrr
    2024-05-13

    CE Phoenix Version 1.0.8.20 – Stored XSS
  • webapps
  • php
    		• tmrswrr
    2024-05-13

    Leafpub 1.1.9 – Stored Cross-Site Scripting (XSS)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-05-13

    Chyrp 2.5.2 – Stored Cross-Site Scripting (XSS)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-05-13

    CrushFTP < 11.1.0 - Directory Traversal
  • remote
  • multiple
    		• Abdualhadi khalifa
    2024-05-13

    Plantronics Hub 3.25.1 – Arbitrary File Read
  • local
  • windows
    		• Alaa Kachouh
    2024-05-13

    Apache mod_proxy_cluster – Stored XSS
  • webapps
  • php
    		• Mohamed Mounir Boudjema
    2024-05-08

    iboss Secure Web Gateway – Stored Cross-Site Scripting (XSS)
  • webapps
  • multiple
    		• modrnProph3t
    2024-05-08

    Clinic Queuing System 1.0 – RCE
  • webapps
  • php
    		• Juan Marco Sanchez
    2024-05-04

    Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link – Device Config Disclosure
  • webapps
  • hardware
    		• LiquidWorm
    2024-05-04

    Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link – Authentication Bypass
  • webapps
  • hardware
    		• LiquidWorm
    2024-05-04

    Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 – Device Config Disclosure
  • webapps
  • php
    		• LiquidWorm
    2024-05-04

    Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 – Authentication Bypass
  • webapps
  • hardware
    		• LiquidWorm
    2024-05-04

    Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 – Device Config Disclosure
  • webapps
  • hardware
    		• LiquidWorm
    2024-05-04

    Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 – Authentication Bypass
  • webapps
  • hardware
    		• LiquidWorm
    2024-04-21

    Flowise 1.6.5 – Authentication Bypass
  • webapps
  • typescript
    		• Maerifat Majeed
    2024-04-21

    Laravel Framework 11 – Credential Leakage
  • webapps
  • php
    		• Huseein Amer
    2024-04-21

    SofaWiki 3.9.2 – Remote Command Execution (RCE) (Authenticated)
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-04-21

    WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution
  • webapps
  • php
    		• Milad karimi
    2024-04-21

    FlatPress v1.3 – Remote Command Execution
  • webapps
  • php
    		• Ahmet Ümit BAYRAM
    2024-04-21

    Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
  • remote
  • linux_x86-64
    		• Kr0ff
    2024-04-15

    OpenClinic GA 5.247.01 – Path Traversal (Authenticated)
  • webapps
  • php
    		• VB
    2024-04-15

    OpenClinic GA 5.247.01 – Information Disclosure
  • webapps
  • php
    		• VB
    2024-04-15

    Jenkins 2.441 – Local File Inclusion
  • webapps
  • java
    		• Matisse Beckandt
    2024-04-15

    djangorestframework-simplejwt 5.3.1 – Information Disclosure
  • webapps
  • Python
    		• Dhrumil Mistry
    2024-04-13

    BMC Compuware iStrobe Web – 20.13 – Pre-auth RCE
  • webapps
  • jsp
    		• trancap
    2024-04-13

    Stock Management System v1.0 – Unauthenticated SQL Injection
  • webapps
  • php
    		• blu3ming
    2024-04-13

    Online Fire Reporting System OFRS – SQL Injection Authentication Bypass
  • webapps
  • php
    		• Diyar Saadi
    2024-04-13

    Savsoft Quiz v6.0 Enterprise – Stored XSS
  • webapps
  • php
    		• Eren Sen
    2024-04-12

    WordPress Plugin WP Video Playlist 1.1.1 – Stored Cross-Site Scripting (XSS)
  • webapps
  • php
    		• Erdemstar
    2024-04-12

    WBCE CMS Version 1.6.1 – Remote Command Execution (Authenticated)
  • webapps
  • php
    		• tmrswrr
    2024-04-12

    WBCE 1.6.0 – Unauthenticated SQL injection
  • webapps
  • php
    		• young pope
    2024-04-12

    Moodle 3.10.1 – Authenticated Blind Time-Based SQL Injection – “sort” parameter
  • webapps
  • php
    		• Julio Ángel Ferrari
    2024-04-12

    PrusaSlicer 2.6.1 – Arbitrary code execution
  • local
  • multiple
    		• Kamil Breński
    2024-04-12

    PopojiCMS Version 2.0.1 – Remote Command Execution
  • webapps
  • php
    		• tmrswrr
    2024-04-12

    WordPress Plugin Playlist for Youtube 1.32 – Stored Cross-Site Scripting (XSS)
  • webapps
  • php
    		• Erdemstar
    2024-04-12

    HTMLy Version v2.9.6 – Stored XSS
  • webapps
  • php
    		• tmrswrr
    2024-04-12

    Ray OS v2.6.3 – Command Injection RCE(Unauthorized)
  • webapps
  • Python
    		• Fire_Wolf
    2024-04-12

    Terratec dmx_6fire USB – Unquoted Service Path
  • local
  • windows_x86-64
    		• Joseph Kwabena Fiagbor
    2024-04-12

    MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
  • remote
  • go
    		• Jenson Zhao
    2024-04-12

    GUnet OpenEclass E-learning platform 3.15 – ‘certbadge.php’ Unrestricted File Upload
  • webapps
  • php
    		• George Tsimpidas