java

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers / Vulnerability Database

| Date | Title | Category | Author |
|---|---|---|---|
| 2021-08-04 | ApacheOfBiz 17.12.01 – Remote Command Execution (RCE) | webapps | Adrián Díaz |
| 2021-08-02 | Neo4j 3.4.18 – RMI based Remote Code Execution (RCE) | remote | Christopher Ellis |
| 2021-07-29 | CloverDX 5.9.0 – Cross-Site Request Forgery (CSRF) | webapps | niebardzo |
| 2021-07-16 | ForgeRock Access Manager 14.6.3 – Remote Code Execution (RCE) (Unauthenticated) | webapps | Photubias |
| 2021-06-17 | Zoho ManageEngine ServiceDesk Plus MSP 9.4 – User Enumeration | webapps | Ricardo Ruiz |
| 2021-05-24 | Shopizer 2.16.0 – ‘Multiple’ Cross-Site Scripting (XSS) | webapps | Marek Toth |
| 2021-04-14 | CITSmart ITSM 9.1.2.27 – ‘query’ Time-based Blind SQL Injection (Authenticated) | webapps | skysbsb |
| 2021-04-14 | CITSmart ITSM 9.1.2.22 – LDAP Injection | webapps | skysbsb |
| 2021-03-29 | Novel Boutique House-plus 3.5.1 – Arbitrary File Download | webapps | tuyiqiang |
| 2021-03-05 | CatDV 9.2 – RMI Authentication Bypass | remote | Christopher Ellis |
| 2021-01-26 | Oracle WebLogic Server 12.2.1.0 – RCE (Unauthenticated) | webapps | CHackA0101 |
| 2021-01-22 | Oracle WebLogic Server 14.1.1.0 – RCE (Authenticated) | webapps | Photubias |
| 2021-01-08 | Apache Flink 1.11.0 – Unauthenticated Arbitrary File Read (Metasploit) | webapps | SunCSR Team |
| 2021-01-06 | Sonatype Nexus 3.21.1 – Remote Code Execution (Authenticated) | webapps | 1F98D |
| 2021-01-06 | H2 Database 1.4.199 – JNI Code Execution | local | 1F98D |
| 2020-12-14 | Jenkins 2.235.3 – ‘X-Forwarded-For’ Stored XSS | webapps | gx1 |
| 2020-12-11 | Jenkins 2.235.3 – ‘Description’ Stored XSS | webapps | gx1 |
| 2020-12-11 | Jenkins 2.235.3 – ‘tooltip’ Stored Cross-Site Scripting | webapps | gx1 |
| 2020-11-02 | Apache Flink 1.9.x – File Upload RCE (Unauthenticated) | webapps | bigger.wing |
| 2020-10-29 | WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 – Unauthenticated RCE via GET request | webapps | Mohammed Althibyani |
| 2020-10-20 | Apache Struts 2 – DefaultActionMapper Prefixes OGNL Code Execution | webapps | Jonatas Fil |
| 2020-10-19 | Jenkins 2.63 – Sandbox bypass in pipeline: Groovy plug-in | webapps | Daniel Morris |
| 2020-09-09 | Scopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password) | webapps | V1n1v131r4 |
| 2020-09-07 | ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated) | webapps | Hodorsec |