المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : exploit database


الصفحات : 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68

  1. [local] SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path
  2. [webapps] Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated)
  3. [webapps] VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Un
  4. [webapps] Adobe ColdFusion 8 - Remote Command Execution (RCE)
  5. [webapps] TP-Link TL-WR841N - Command Injection
  6. [webapps] Huawei dg8045 - Authentication Bypass
  7. [webapps] Online Library Management System 1.0 - 'Search' SQL Injection
  8. [webapps] Online Library Management System 1.0 - Arbitrary File Upload Remote Code Ex
  9. [webapps] Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)
  10. [webapps] WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
  11. [webapps] WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'dat
  12. [webapps] Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticat
  13. [webapps] Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference
  14. [local] ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted S
  15. [local] Remote Mouse GUI 3.008 - Local Privilege Escalation
  16. [local] Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquot
  17. [webapps] Customer Relationship Management System (CRM) 1.0 - Remote Code Execution
  18. [local] Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path
  19. [remote] Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
  20. [local] iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path
  21. [webapps] Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
  22. [webapps] Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF
  23. [webapps] Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
  24. [webapps] OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
  25. [remote] Dlink DSL2750U - 'Reboot' Command Injection
  26. [webapps] Node.JS - 'node-serialize' Remote Code Execution (3)
  27. [webapps] ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
  28. [webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fix
  29. [webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
  30. [webapps] Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)
  31. [local] Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Servic
  32. [webapps] Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
  33. [local] VX Search 13.5.28 - 'Multiple' Unquoted Service Path
  34. [local] Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path
  35. [local] Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
  36. [local] Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
  37. [webapps] Unified Office Total Connect Now 1.0 - 'data' SQL Injection
  38. [webapps] CKEditor 3 - Server-Side Request Forgery (SSRF)
  39. [webapps] Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting
  40. [webapps] OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass
  41. [webapps] Teachers Record Management System 1.0 - 'Multiple' SQL Injection (Authentic
  42. [webapps] Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
  43. [local] Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path
  44. [local] DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path
  45. [local] Polkit 0.105-26 0.117-2 - Local Privilege Escalation
  46. [local] Brother BRAgent 1.38 - 'WBA_Agent_Client' Unquoted Service Path
  47. [local] SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path
  48. [webapps] Client Management System 1.1 - 'Search' SQL Injection
  49. [webapps] Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS)
  50. [local] Brother BRPrint Auditor - 'Multiple' Unquoted Service Path
  51. [local] Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
  52. [dos] Notex the best notes 6.4 - Denial of Service (PoC)
  53. [dos] Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
  54. [dos] Post-it 5.0.1 - Denial of Service (PoC)
  55. [local] Spy Emergency 25.0.650 - 'Multiple' Unquoted Service Path
  56. [webapps] OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)
  57. [local] WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
  58. [webapps] TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
  59. [webapps] Small CRM 3.0 - 'Authentication Bypass' SQL Injection
  60. [webapps] Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
  61. [webapps] COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting
  62. [webapps] GLPI 9.4.5 - Remote Code Execution (RCE)
  63. [webapps] Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object Refe
  64. [webapps] Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)
  65. [webapps] WoWonder Social Network Platform 3.1 - Authentication Bypass
  66. [webapps] Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authentica
  67. [webapps] Solar-Log 500 2.8.2 - Unprotected Storage of Credentials
  68. [webapps] Solar-Log 500 2.8.2 - Incorrect Access Control
  69. [webapps] Grocery crud 1.6.4 - 'order_by' SQL Injection
  70. [webapps] WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF
  71. [webapps] OpenEMR 5.0.0 - Remote Code Execution (Authenticated)
  72. [webapps] Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' S
  73. [webapps] Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
  74. [webapps] Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)
  75. [dos] n+otes 1.6.2 - Denial of Service (PoC)
  76. [dos] Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
  77. [local] memono Notepad Version 4.2 - Denial of Service (PoC)
  78. [webapps] TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
  79. [webapps] Student Result Management System 1.0 - 'class' SQL Injection
  80. [webapps] GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)
  81. [webapps] OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
  82. [webapps] WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scriptin
  83. [webapps] OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery (CSRF)
  84. [webapps] Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF
  85. [local] Backup Key Recovery 2.2.7 - Denial of Service (PoC)
  86. [webapps] WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)
  87. [dos] NBMonitor 1.6.8 - Denial of Service (PoC)
  88. [dos] Nsauditor 3.2.3 - Denial of Service (PoC)
  89. [webapps] Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
  90. [webapps] WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scriptin
  91. [local] IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
  92. [webapps] Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)
  93. [webapps] Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated)
  94. [webapps] OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution
  95. [dos] Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
  96. [dos] Macaron Notes great notebook 5.5 - Denial of Service (PoC)
  97. [dos] My Notes Safe 5.3 - Denial of Service (PoC)
  98. [webapps] Gitlab 13.10.2 - Remote Code Execution (Authenticated)
  99. [dos] Color Notes 1.4 - Denial of Service (PoC)
  100. [webapps] Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
  101. [dos] Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)
  102. [webapps] 4Images 1.8 - 'redirect' Reflected XSS
  103. [webapps] Gitlab 13.9.3 - Remote Code Execution (Authenticated)
  104. [webapps] FUDForum 3.1.0 - 'srch' Reflected XSS
  105. [webapps] FUDForum 3.1.0 - 'author' Reflected XSS
  106. [remote] CHIYU IoT Devices - 'Telnet' Authentication Bypass
  107. [webapps] CHIYU IoT Devices - Denial of Service (DoS)
  108. [dos] BasicNote 1.1.9 - Denial of Service (PoC)
  109. [dos] ColorNote 4.1.9 - Denial of Service (PoC)
  110. [dos] Notepad notes 2.6.7 - Denial of Service (PoC)
  111. [dos] Blacknote 2.2.1 - Denial of Service (PoC)
  112. [webapps] Seo Panel 4.8.0 - 'from_time' Reflected XSS
  113. [webapps] PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
  114. [webapps] Seo Panel 4.8.0 - 'category' Reflected XSS
  115. [webapps] Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
  116. [webapps] GetSimple CMS 3.3.4 - Information Disclosure
  117. [local] Intel(R) Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Servic
  118. [webapps] Products.PluggableAuthService 2.6.0 - Open Redirect
  119. [webapps] Seo Panel 4.8.0 - 'search_name' Reflected XSS
  120. [webapps] Thecus N4800Eco Nas Server Control Panel - Comand Injection
  121. [webapps] Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)
  122. [local] Veyon 4.4.1 - 'VeyonService' Unquoted Service Path
  123. [webapps] ProjeQtOr Project Management 9.1.4 - Remote Code Execution
  124. [webapps] Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF)
  125. [webapps] WordPress Plugin WP Prayer version 1.6.1 - 'prayer_messages' Stored Cross-S
  126. [webapps] CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)
  127. [webapps] CHIYU TCP/IP Converter devices - CRLF injection
  128. [dos] DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
  129. [webapps] LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated)
  130. [webapps] WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)
  131. [webapps] Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
  132. [webapps] Trixbox 2.8.0.4 - 'lang' Path Traversal
  133. [webapps] Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
  134. [webapps] PHPFusion 9.03.50 - Remote Code Execution
  135. [webapps] Postbird 0.8.4 - Javascript Injection
  136. [webapps] Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)
  137. [remote] ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)
  138. [webapps] Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
  139. [dos] RarmaRadio 2.72.8 - Denial of Service (PoC)
  140. [webapps] Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site
  141. [webapps] WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scr
  142. [webapps] Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)
  143. [webapps] WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cro
  144. [webapps] Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To
  145. [dos] iDailyDiary 4.30 - Denial of Service (PoC)
  146. [local] DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path
  147. [local] ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path
  148. [webapps] Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS)
  149. [remote] Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
  150. [webapps] Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
  151. [webapps] WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Una
  152. [local] DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
  153. [local] Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code
  154. [webapps] Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
  155. [local] Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path
  156. [local] Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
  157. [local] ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path
  158. [webapps] ManageEngine ADSelfService Plus 6.1 - CSV Injection
  159. [webapps] COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)
  160. [webapps] COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (
  161. [webapps] In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
  162. [local] Visual Studio Code 1.47.1 - Denial of Service (Poc)
  163. [dos] WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
  164. [webapps] WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scriptin
  165. [webapps] Microsoft Exchange 2019 - Unauthenticated Email Download
  166. [webapps] EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection
  167. [webapps] IPFire 2.25 - Remote Code Execution (Authenticated)
  168. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent C
  169. [webapps] Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forge
  170. [local] Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
  171. [webapps] Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
  172. [webapps] Billing Management System 2.0 - Union based SQL injection (Authenticated)
  173. [webapps] Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)
  174. [webapps] Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
  175. [webapps] Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File
  176. [webapps] Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent C
  177. [webapps] Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (
  178. [webapps] Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting
  179. [webapps] Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
  180. [local] Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-F
  181. [local] Firefox 72 IonMonkey - JIT Type Confusion
  182. [webapps] Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (S
  183. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL I
  184. [webapps] ZeroShell 3.9.0 - Remote Command Execution
  185. [webapps] Chevereto 3.17.1 - Cross Site Scripting (Stored)
  186. [local] Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
  187. [local] Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
  188. [local] DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
  189. [local] BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
  190. [local] TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
  191. [webapps] PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
  192. [webapps] Human Resource Information System 0.1 - 'First Name' Persistent Cross-Sit
  193. [webapps] Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
  194. [webapps] Voting System 1.0 - Authentication Bypass (SQLI)
  195. [dos] Sandboxie 5.49.7 - Denial of Service (PoC)
  196. [local] WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
  197. [webapps] Voting System 1.0 - Remote Code Execution (Unauthenticated)
  198. [webapps] Human Resource Information System 0.1 - Remote Code Execution (Unauthentica
  199. [local] Epic Games Rocket League 1.95 - Stack Buffer Overrun
  200. [webapps] PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May
  201. [local] Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
  202. [local] Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
  203. [webapps] Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated
  204. [webapps] Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
  205. [webapps] Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
  206. [webapps] b2evolution 7-2-2 - 'cf_name' SQL Injection
  207. [webapps] StudyMD 0.3.2 - XSS to RCE
  208. [webapps] Freeter 1.2.1 - XSS to RCE
  209. [webapps] Markright 1.0 - XSS to RCE
  210. [webapps] Markdownify 1.2.0 - XSS to RCE
  211. [webapps] Anote 1.0 - XSS to RCE
  212. [webapps] Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
  213. [webapps] Markdown Explorer 0.1.1 - XSS to RCE
  214. [webapps] Xmind 2020 - XSS to RCE
  215. [webapps] Tagstoo 2.0.1 - Stored XSS to RCE
  216. [webapps] SnipCommand 0.1.0 - XSS to RCE
  217. [webapps] Moeditor 0.2.0 - XSS to RCE
  218. [webapps] Marky 0.0.1 - XSS to RCE
  219. [webapps] Internship Portal Management System 1.0 - Remote Code Execution Via File Up
  220. [webapps] GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
  221. [webapps] GitLab Community Edition (CE) 13.10.3 - User Enumeration
  222. [webapps] Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection)
  223. [webapps] Piwigo 11.3.0 - 'language' SQL
  224. [webapps] GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
  225. [remote] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)
  226. [webapps] Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
  227. [webapps] Emoji for NodeBB 3.2.1 - Arbitrary File Write
  228. [webapps] FOGProject 1.5.9 - File Upload RCE (Authenticated)
  229. [webapps] Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution
  230. [webapps] Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
  231. [webapps] Montiorr 1.7.6m - File Upload to XSS
  232. [dos] WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
  233. [webapps] Kimai 1.14 - CSV Injection
  234. [webapps] OpenPLC 3 - Remote Code Execution (Authenticated)
  235. [webapps] SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
  236. [webapps] Hasura GraphQL 1.3.3 - Remote Code Execution
  237. [webapps] Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
  238. [webapps] Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS
  239. [webapps] DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
  240. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
  241. [webapps] Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
  242. [webapps] RemoteClinic 2.0 - 'Full Name' Stored Cross-Site Scripting (XSS)
  243. [webapps] RemoteClinic 2.0 - 'Symptoms' Stored Cross-Site Scripting (XSS)
  244. [webapps] CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
  245. [webapps] OTRS 6.0.1 - Remote Command Execution (2)
  246. [webapps] Hasura GraphQL 1.3.3 - Local File Read
  247. [webapps] Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)
  248. [webapps] GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
  249. [dos] Hasura GraphQL 1.3.3 - Denial of Service
  250. [webapps] Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration