Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

Total: 24443 exploits
| Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2024-02-27 | SuperStoreFinder – Multiple Vulnerabilities | webapps | php | bRpsd |
| 2024-02-27 | Moodle 4.3 – Insecure Direct Object Reference | webapps | php | tmrswrr |
| 2024-02-27 | Zoo Management System 1.0 – Unauthenticated RCE | webapps | php | Çağatay Ceyhan |
| 2024-02-27 | dawa-pharma 1.0-2022 – Multiple-SQLi | webapps | php | nu11secur1ty |
| 2024-02-26 | IBM i Access Client Solutions v1.1.2 – 1.1.4, v1.1.4.3 – 1.1.9.4 – Remote Credential Theft | remote | windows_x86-64 | hyp3rlinx |
| 2024-02-26 | Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure' | remote | multiple | hyp3rlinx |
| 2024-02-26 | Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' | dos | multiple | hyp3rlinx |
| 2024-02-26 | Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration | remote | multiple | hyp3rlinx |
| 2024-02-26 | FAQ Management System v1.0 – ‘faq’ SQL Injection | remote | php | SoSPiro |
| 2024-02-26 | Flashcard Quiz App v1.0 – ‘card’ SQL Injection | remote | php | SoSPiro |
| 2024-02-26 | Online Shopping System Advanced – Sql Injection | webapps | php | Furkan Gedik |
| 2024-02-26 | taskhub 2.8.7 – SQL Injection | webapps | php | CraCkEr |
| 2024-02-26 | comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset | webapps | php | Diaa Hanna |
| 2024-02-26 | Simple Inventory Management System v1.0 – ‘email’ SQL Injection | remote | php | SoSPiro |
| 2024-02-21 | WEBIGniter v28.7.23 – Stored Cross Site Scripting (XSS) | webapps | php | Sagar Banwa |
| 2024-02-19 | Microsoft Windows Defender Bypass – Detection Mitigation Bypass | local | windows_x86-64 | hyp3rlinx |
| 2024-02-19 | XAMPP – Buffer Overflow POC | dos | windows | Talson |
| 2024-02-19 | phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit | webapps | php | Egidio Romano |
| 2024-02-19 | JFrog Artifactory < 7.25.4 - Blind SQL Injection | webapps | php | ardr |
| 2024-02-19 | Wondercms 4.3.2 – XSS to RCE | webapps | multiple | Anas Zakir |
| 2024-02-19 | SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration | webapps | multiple | Jonas Benjamin Friedli |
| 2024-02-19 | Employee Management System v1 – ‘email’ SQL Injection | webapps | php | SoSPiro |
| 2024-02-19 | Microsoft Windows Defender – VBScript Detection Bypass | local | windows_x86-64 | hyp3rlinx |
| 2024-02-15 | DS Wireless Communication – Remote Code Execution | local | hardware | MikeIsAStar |
| 2024-02-15 | Metabase 0.46.6 – Pre-Auth Remote Code Execution | webapps | linux | Musyoka Ian |
| 2024-02-15 | SISQUALWFM 7.1.319.103 – Host Header Injection | webapps | multiple | Omer Shaik |
| 2024-02-13 | Lost and Found Information System v1.0 – ( IDOR ) leads to Account Take over | webapps | php | Or4nG.M4N |
| 2024-02-13 | ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure | webapps | windows | Metin Yunus Kandemir |
| 2024-02-13 | VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) – Remote Denial Of Service | dos | hardware | LiquidWorm |
| 2024-02-13 | Splunk 9.0.4 – Information Disclosure | webapps | multiple | Parsa Rezaie Khiabanloo |
| 2024-02-09 | Advanced Page Visit Counter 1.0 – Admin+ Stored Cross-Site Scripting (XSS) (Authenticated) | webapps | php | Furkan ÖZER |
| 2024-02-09 | Online Nurse Hiring System 1.0 – Time-Based SQL Injection | webapps | php | yozgatalperen1 |
| 2024-02-09 | Rail Pass Management System 1.0 – Time-Based SQL Injection | webapps | php | yozgatalperen1 |
| 2024-02-09 | WordPress Seotheme – Remote Code Execution Unauthenticated | webapps | php | Milad karimi |
| 2024-02-09 | WordPress Augmented-Reality – Remote Code Execution Unauthenticated | webapps | php | Milad karimi |
| 2024-02-09 | Elasticsearch – StackOverflow DoS | dos | multiple | TOUHAMI Kasbaoui |
| 2024-02-09 | Zyxel zysh – Format string | remote | hardware | Marco Ivaldi |
| 2024-02-05 | Milesight Routers UR5X, UR32L, UR32, UR35, UR41 – Credential Leakage Through Unprotected System Logs and Weak Password Encryption | remote | hardware | Bipin Jitiya |
| 2024-02-05 | WhatsUp Gold 2022 (22.1.0 Build 39) – XSS | webapps | multiple | Andreas Finstad |
| 2024-02-05 | MISP 2.4.171 – Stored XSS | webapps | php | Mücahit Çeri |
| 2024-02-05 | Clinic’s Patient Management System 1.0 – Unauthenticated RCE | webapps | php | Oğulcan Hami Gül |
| 2024-02-05 | Curfew e-Pass Management System 1.0 – FromDate SQL Injection | webapps | php | Puja Dey |
| 2024-02-05 | GYM MS – GYM Management System – Cross Site Scripting (Stored) | webapps | php | yozgatalperen1 |
| 2024-02-02 | PCMan FTP Server 2.0 – ‘pwd’ Remote Buffer Overflow | remote | windows | Waqas Ahmed Faroouqi |
| 2024-02-02 | WebCatalog 48.4 – Arbitrary Protocol Execution | remote | windows | ItsSixtyN3in |
| 2024-02-02 | Juniper-SRX-Firewalls&EX-switches – (PreAuth-RCE) (PoC) | webapps | php | whiteOwl |
| 2024-02-02 | Electrolink FM/DAB/TV Transmitter – Pre-Auth MPFS Image Remote Code Execution | webapps | hardware | LiquidWorm |
| 2024-02-02 | Electrolink FM/DAB/TV Transmitter – Unauthenticated Remote DoS | dos | hardware | LiquidWorm |
| 2024-02-02 | Electrolink FM/DAB/TV Transmitter – Remote Authentication Removal | webapps | hardware | LiquidWorm |
| 2024-02-02 | Electrolink FM/DAB/TV Transmitter (Login Cookie) – Authentication Bypass | webapps | hardware | LiquidWorm |