webapps

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers/漏洞数据库

日期 标题 类别 作者
2021-12-10 Free School Management Software 1.0 – ‘multiple’ Stored Cross-Site Scripting (XSS)
  • webapps
    		•  fuzzyap1
    2021-12-10 OpenCATS 0.9.4 – Remote Code Execution (RCE)
  • webapps
    		•  Nicholas Ferreira
    2021-12-09 Student Management System 1.0 – SQLi Authentication Bypass
  • webapps
    		•  Enes Özeser
    2021-12-09 TestLink 1.19 – Arbitrary File Download (Unauthenticated)
  • webapps
    		•  Gonzalo Villegas
    2021-12-09 LimeSurvey 5.2.4 – Remote Code Execution (RCE) (Authenticated)
  • webapps
    		•  Y1LD1R1M
    2021-12-09 Chikitsa Patient Management System 2.0.2 – ‘backup’ Remote Code Execution (RCE) (Authenticated)
  • webapps
    		•  0z09e
    2021-12-09 Chikitsa Patient Management System 2.0.2 – ‘plugin’ Remote Code Execution (RCE) (Authenticated)
  • webapps
    		•  0z09e
    2021-12-09 Employees Daily Task Management System 1.0 – ‘multiple’ Cross Site Scripting (XSS)
  • webapps
    		•  able403
    2021-12-09 Employees Daily Task Management System 1.0 – ‘username’ SQLi Authentication Bypass
  • webapps
    		•  able403
    2021-12-09 Grafana 8.3.0 – Directory Traversal and Arbitrary File Read
  • webapps
    		•  s1gh
    2021-12-09 WordPress Plugin Catch Themes Demo Import 1.6.1 – Remote Code Execution (RCE) (Authenticated)
  • webapps
    		•  Ron Jost
    2021-12-06 Croogo 3.0.2 – Remote Code Execution (Authenticated)
  • webapps
    		•  Deha Berkin Bir
    2021-12-03 WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated)
  • webapps
    		•  Uriel Yochpaz
    2021-12-03 WordPress Plugin Slider by Soliloquy 2.6.2 – ‘title’ Stored Cross Site Scripting (XSS) (Authenticated)
  • webapps
    		•  Abdurrahman Erkan
    2021-12-03 WordPress Plugin All-in-One Video Gallery plugin 2.4.9 – Local File Inclusion (LFI)
  • webapps
    		•  Mohamed Magdy Abumusilm
    2021-12-03 Online Magazine Management System 1.0 – SQLi Authentication Bypass
  • webapps
    		•  Mohamed habib Smidi
    2021-12-03 Online Pre-owned/Used Car Showroom Management System 1.0 – SQLi Authentication Bypass
  • webapps
    		•  Mohamed habib Smidi
    2021-12-01 Online Enrollment Management System in PHP and PayPal 1.0 – ‘U_NAME’ Stored Cross-Site Scripting
  • webapps
    		•  Tushar Jadhav
    2021-11-30 Laundry Booking Management System 1.0 – Remote Code Execution (RCE)
  • webapps
    		•  Pablo Santiago
    2021-11-29 opencart 3.0.3.8 – Sessjion Injection
  • webapps
    		•  Hubert Wojciechowski
    2021-11-29 orangescrum 1.8.0 – ‘Multiple’ Cross-Site Scripting (XSS) (Authenticated)
  • webapps
    		•  Hubert Wojciechowski
    2021-11-29 orangescrum 1.8.0 – ‘Multiple’ SQL Injection (Authenticated)
  • webapps
    		•  Hubert Wojciechowski
    2021-11-29 orangescrum 1.8.0 – Privilege escalation (Authenticated)
  • webapps
    		•  Hubert Wojciechowski
    2021-11-26 Bagisto 1.3.3 – Client-Side Template Injection
  • webapps
    		•  Mohamed Abdellatif Jaber