Exploits - Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers - 体验盒子

共24443Exploits

日期	标题	类型	平台	作者
2024-03-11	Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR	webapps	hardware	Arslan Masood
2024-03-10	Hide My WP < 6.2.9 - Unauthenticated SQLi	webapps	php	Xenofon Vassilakopoulos
2024-03-10	Akaunting < 3.1.3 - RCE	webapps	php	u32i
2024-03-10	Ladder v0.0.21 – Server-side request forgery (SSRF)	webapps	go	@_chebuya
2024-03-10	DataCube3 v1.0 – Unrestricted file upload ‘RCE’	webapps	php	Samy Younsi - NS Labs
2024-03-10	Numbas < v7.3 - Remote Code Execution	webapps	nodejs	Matheus Alexandre
2024-03-10	TP-Link TL-WR740N – Buffer Overflow ‘DOS’	webapps	hardware	Anish Feroz
2024-03-06	CVE-2023-50071 – Multiple SQL Injection	webapps	php	Geraldo Alcantara
2024-03-06	Lot Reservation Management System – Unauthenticated File Disclosure	webapps	php	Elijah Mandila Syoyi
2024-03-06	Lot Reservation Management System – Unauthenticated File Upload and Remote Code Execution	webapps	php	Elijah Mandila Syoyi
2024-03-06	GLiNet – Router Authentication Bypass	webapps	hardware	Daniele Linguaglossa
2024-03-06	elFinder Web file manager Version – 2.1.53 Remote Command Execution	webapps	php	tmrswrr
2024-03-06	CSZ CMS Version 1.3.0 – Authenticated Remote Command Execution	webapps	php	tmrswrr
2024-03-05	kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition	webapps	php	Mohammad Reza Omrani
2024-03-05	Neontext WordPress Plugin – Stored XSS	webapps	php	Eren Car
2024-03-05	Solar-Log 200 PM+ 3.6.0 Build 99 – 15.10.2019 – Stored XSS	webapps	hardware	Vincent McRae, Mesut Cetin
2024-03-03	TPC-110W – Missing Authentication for Critical Function	remote	hardware	Amirhossein Bahramizadeh
2024-03-03	Enrollment System v1.0 – SQL Injection	remote	php	Gnanaraj Mauviel
2024-03-03	AC Repair and Services System v1.0 – Multiple SQL Injection	remote	php	Gnanaraj Mauviel
2024-03-03	Windows PowerShell – Event Log Bypass Single Quote Code Execution	local	windows_x86-64	hyp3rlinx
2024-03-03	Simple Student Attendance System v1.0 – ‘classid’ Time Based Blind & Union Based SQL Injection	remote	php	Gnanaraj Mauviel
2024-03-03	Simple Student Attendance System v1.0 – Time Based Blind SQL Injection	remote	php	Gnanaraj Mauviel
2024-03-03	Easywall 0.3.1 – Authenticated Remote Command Execution	webapps	multiple	Melvin Mejia
2024-03-03	Real Estate Management System v1.0 – Remote Code Execution via File Upload	remote	php	Diyar Saadi
2024-03-03	R Radio Network FM Transmitter 1.07 system.cgi – Password Disclosure	remote	hardware	LiquidWorm
2024-03-03	Petrol Pump Management Software v1.0 – Remote Code Execution via File Upload	remote	php	Shubham Pandey
2024-03-03	GL.iNet AR300M v3.216 Remote Code Execution – CVE-2023-46456 Exploit	remote	hardware	cyberaz0r
2024-03-03	Petrol Pump Management Software v.1.0 – SQL Injection	remote	php	Shubham Pandey
2024-03-03	TitanNit Web Control 2.01 / Atemio 7600 – Root Remote Code Execution	remote	hardware	LiquidWorm
2024-03-03	Petrol Pump Management Software v.1.0 – Stored Cross Site Scripting via SVG file	remote	php	Shubham Pandey
2024-03-03	GL.iNet AR300M v4.3.7 Remote Code Execution – CVE-2023-46454 Exploit	remote	hardware	cyberaz0r
2024-03-03	Petrol Pump Management Software v1.0 – ‘Address’ Stored Cross Site Scripting	remote	php	Shubham Pandey
2024-03-03	GL.iNet AR300M v4.3.7 Arbitrary File Read – CVE-2023-46455 Exploit	remote	hardware	cyberaz0r
2024-03-03	Maxima Max Pro Power – BLE Traffic Replay (Unauthenticated)	remote	hardware	Alok kumar
2024-03-03	A-PDF All to MP3 Converter 2.0.0 – DEP Bypass via HeapCreate + HeapAlloc	local	multiple	George Washington
2024-03-03	Boss Mini 1.4.0 – local file inclusion	webapps	php	nltt0
2024-03-03	Magento ver. 2.4.6 – XSLT Server Side Injection	webapps	multiple	tmrswrr
2024-02-28	WP Rocket < 2.10.3 - Local File Inclusion (LFI)	webapps	php	E1 Coders
2024-02-28	WP Fastest Cache 1.2.2 – Unauthenticated SQL Injection	webapps	php	Meryem Taşkın
2024-02-28	(shellcode) Linux-x64 – create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]	local	linux	Alexys (0x177git)
2024-02-28	Blood Bank v1.0 – Multiple SQL Injection	webapps	php	Ersin Erenler
2024-02-28	Saflok – Key Derication Function Exploit	local	hardware	planthopper3301
2024-02-28	WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 – “Dashboard Redirect” field Stored Cross-Site Scripting (XSS)	webapps	php	Rachit Arora
2024-02-27	Atlassian Confluence Data Center and Server – Authentication Bypass (Metasploit)	webapps	multiple	Emir Polat
2024-02-27	TEM Opera Plus FM Family Transmitter 35.45 – XSRF	remote	hardware	LiquidWorm
2024-02-27	TEM Opera Plus FM Family Transmitter 35.45 – Remote Code Execution	remote	hardware	LiquidWorm
2024-02-27	WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)	webapps	php	Leopoldo Angulo (leoanggal1)
2024-02-27	Executables Created with perl2exe < V30.10C - Arbitrary Code Execution	remote	multiple	decrazyo
2024-02-27	Automatic-Systems SOC FL9600 FastLine – The device contains hardcoded login and password for super admin	webapps	php	Marcin Kozlowski
2024-02-27	Automatic-Systems SOC FL9600 FastLine – Directory Transversal	webapps	php	Marcin Kozlowski