Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

24443 exploits in total
| Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2024-03-25 | MobileShop master v1.0 – SQL Injection Vuln. | webapps | php | HAZIM ARBAŞ |
| 2024-03-25 | Insurance Management System PHP and MySQL 1.0 – Multiple Stored XSS | webapps | php | Hakkı TOKLU |
| 2024-03-25 | SPA-CART CMS – Stored XSS | webapps | php | Eren Sen |
| 2024-03-25 | Craft CMS 4.4.14 – Unauthenticated Remote Code Execution | webapps | php | Olivier Lasne |
| 2024-03-25 | LimeSurvey Community 5.3.32 – Stored XSS | webapps | php | Subhankar Singh |
| 2024-03-22 | minaliC 2.0.0 – Denied of Service | remote | windows | Fernando Mengali |
| 2024-03-20 | CSZCMS v1.3.0 – SQL Injection (Authenticated) | webapps | php | Abdulaziz Almetairy |
| 2024-03-20 | HNAS SMU 14.8.7825 – Information Disclosure | remote | hardware | Arslan Masood |
| 2024-03-20 | Teacher Subject Allocation Management System 1.0 – ‘searchdata’ SQLi | webapps | php | Ersin Erenler |
| 2024-03-20 | Simple Task List 1.0 – ‘status’ SQLi | webapps | php | Ersin Erenler |
| 2024-03-20 | Blood Bank 1.0 – ‘bid’ SQLi | webapps | php | Ersin Erenler |
| 2024-03-20 | Employee Management System 1.0 – ‘admin_id’ SQLi | webapps | php | Shubham Pandey |
| 2024-03-18 | xbtitFM 4.1.18 – Multiple Vulnerabilities | webapps | php | h5kj23kj32io2kj |
| 2024-03-18 | TELSAT marKoni FM Transmitter 1.9.5 – Insecure Access Control Change Password | remote | hardware | LiquidWorm |
| 2024-03-18 | TELSAT marKoni FM Transmitter 1.9.5 – Backdoor Account Information Disclosure | remote | hardware | LiquidWorm |
| 2024-03-18 | TELSAT marKoni FM Transmitter 1.9.5 – Root Command Injection | remote | hardware | LiquidWorm |
| 2024-03-18 | Backdrop CMS 1.23.0 – Stored XSS | webapps | php | Sinem Şahin |
| 2024-03-18 | Atlassian Confluence < 8.5.3 - Remote Code Execution | webapps | multiple | MaanVader |
| 2024-03-18 | Gibbon LMS < v26.0.00 - Authenticated RCE | webapps | php | Ali Maharramli, Fikrat Guliev, Islam Rzayev |
| 2024-03-18 | ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE | webapps | php | Ravindu Wickramasinghe |
| 2024-03-18 | TYPO3 11.5.24 – Path Traversal (Authenticated) | webapps | php | Saeed reza Zamanian |
| 2024-03-18 | WEBIGniter v28.7.23 – Stored XSS | webapps | php | Mesut Cetin |
| 2024-03-18 | WordPress File Upload Plugin < 4.23.3 - Stored XSS | webapps | php | Faiyaz Ahmad |
| 2024-03-18 | Quick.CMS 6.7 – SQL Injection Login Bypass | webapps | php | H4X.Forensics |
| 2024-03-16 | Winter CMS 1.2.3 – Server-Side Template Injection (SSTI) (Authenticated) | webapps | php | tmrswrr |
| 2024-03-16 | vm2 – sandbox escape | local | multiple | Calil Khalil |
| 2024-03-16 | UPS Network Management Card 4 – Path Traversal | webapps | php | Víctor García |
| 2024-03-16 | Nokia BMC Log Scanner – Remote Code Execution | webapps | linux | Carlos Andres Gonzalez, Matthew Gregory |
| 2024-03-16 | Karaf v4.4.3 Console – RCE | webapps | java | Andrzej Olchawa, Milenko Starcik |
| 2024-03-16 | LaborOfficeFree 19.10 – MySQL Root Password Calculator | local | windows | Peter Gabaldon |
| 2024-03-14 | KiTTY 0.76.1.13 – Command Injection | local | windows | DEFCESCO |
| 2024-03-14 | KiTTY 0.76.1.13 – ‘Start Duplicated Session Username’ Buffer Overflow | local | windows | DEFCESCO |
| 2024-03-14 | KiTTY 0.76.1.13 – ‘Start Duplicated Session Hostname’ Buffer Overflow | local | windows | DEFCESCO |
| 2024-03-14 | GitLab CE/EE < 16.7.2 - Password Reset | remote | java | 0xB455 |
| 2024-03-14 | Ruijie Switch PSG-5124 26293 – Remote Code Execution (RCE) | remote | hardware | ByteHunter |
| 2024-03-14 | Viessmann Vitogate 300 2.1.3.0 – Remote Code Execution (RCE) | remote | hardware | ByteHunter |
| 2024-03-14 | SolarView Compact 6.00 – Command Injection | remote | hardware | ByteHunter |
| 2024-03-14 | Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE) | remote | hardware | ByteHunter |
| 2024-03-14 | JetBrains TeamCity 2023.05.3 – Remote Code Execution (RCE) | remote | java | ByteHunter |
| 2024-03-12 | Human Resource Management System 1.0 – ‘employeeid’ SQL Injection | webapps | php | Srikar |
| 2024-03-12 | SnipeIT 6.2.1 – Stored Cross Site Scripting | webapps | multiple | Shahzaib Ali Khan |
| 2024-03-12 | VMware Cloud Director 10.5 – Bypass identity verification | remote | multiple | Abdualhadi khalifa |
| 2024-03-12 | Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE | webapps | hardware | Abdualhadi khalifa |
| 2024-03-12 | Client Details System 1.0 – SQL Injection | webapps | php | Hamdi Sevben |
| 2024-03-12 | OSGi v3.7.2 (and below) Console – RCE | webapps | multiple | Andrzej Olchawa, Milenko Starcik |
| 2024-03-12 | OSGi v3.8-3.18 Console – RCE | webapps | multiple | Andrzej Olchawa, Milenko Starcik |
| 2024-03-11 | Sitecore – Remote Code Execution v8.2 | webapps | aspx | abhishek morla |
| 2024-03-11 | Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier – Arbitrary File Read | webapps | multiple | Youssef Muhammad |
| 2024-03-11 | WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover | webapps | php | Dmitrii Ignatyev |
| 2024-03-11 | Microsoft Windows Defender / Trojan.Win32/Powessere.G – Detection Mitigation Bypass | local | windows | hyp3rlinx |