المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : exploit database


الصفحات : 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66

  1. [webapps] Park Ticketing Management System 1.0 - 'viewid' SQL Injection
  2. [webapps] Zoo Management System 1.0 - 'anid' SQL Injection
  3. [webapps] MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
  4. [webapps] SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (
  5. [webapps] Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Ta
  6. [webapps] MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
  7. [webapps] Simple Public Chat Room 1.0 - Authentication Bypass SQLi
  8. [webapps] Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
  9. [webapps] Online Grading System 1.0 - 'uname' SQL Injection
  10. [webapps] Quick.CMS 6.7 - Remote Code Execution (Authenticated)
  11. [webapps] BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
  12. [local] Metasploit Framework 6.0.11 - msfvenom APK template command injection
  13. [webapps] Fuel CMS 1.4.1 - Remote Code Execution (2)
  14. [webapps] Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
  15. [dos] jQuery UI 1.12.1 - Denial of Service (DoS)
  16. [webapps] WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Exec
  17. [webapps] OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
  18. [webapps] CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
  19. [webapps] EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
  20. [webapps] STVS ProVision 5.9.10 - File Disclosure (Authenticated)
  21. [webapps] STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
  22. [webapps] Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
  23. [webapps] Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Au
  24. [webapps] Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
  25. [webapps] Simple College Website 1.0 - 'full' Stored Cross Site Scripting
  26. [webapps] Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Script
  27. [webapps] Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
  28. [webapps] Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
  29. [webapps] CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
  30. [webapps] Library System 1.0 - 'category' SQL Injection
  31. [webapps] MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
  32. [webapps] Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
  33. [webapps] CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
  34. [webapps] Atlassian Confluence Widget Connector Macro - SSTI
  35. [webapps] Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthentica
  36. [webapps] Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
  37. [webapps] Library System 1.0 - Authentication Bypass Via SQL Injection
  38. [webapps] CASAP Automated Enrollment System 1.0 - Authentication Bypass
  39. [webapps] ERPNext 12.14.0 - SQL Injection (Authenticated)
  40. [webapps] Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
  41. [local] Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
  42. [webapps] Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthe
  43. [webapps] Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
  44. [webapps] Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
  45. [webapps] Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
  46. [webapps] Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unaut
  47. [webapps] Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
  48. [webapps] Anchor CMS 0.12.7 - CSRF (Delete user)
  49. [webapps] Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasplo
  50. [webapps] Online Documents Sharing Platform 1.0 - 'user' SQL Injection
  51. [webapps] Apartment Visitors Management System 1.0 - 'email' SQL Injection
  52. [webapps] Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
  53. [webapps] ChurchRota 2.6.4 - RCE (Authenticated)
  54. [webapps] Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XS
  55. [webapps] Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
  56. [webapps] osTicket 1.14.2 - SSRF
  57. [webapps] Life Insurance Management System 1.0 - 'client_id' SQL Injection
  58. [webapps] Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
  59. [webapps] Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated
  60. [webapps] Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
  61. [webapps] Cisco UCS Manager 2.2(1d) - Remote Command Execution
  62. [webapps] Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
  63. [webapps] Alumni Management System 1.0 - "Last Name field in Registration page" Store
  64. [webapps] E-Learning System 1.0 - Authentication Bypass & RCE POC
  65. [webapps] EyesOfNetwork 5.3 - File Upload Remote Code Execution
  66. [webapps] PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox
  67. [webapps] WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripti
  68. [webapps] Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scrip
  69. [webapps] Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
  70. [webapps] Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
  71. [webapps] Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
  72. [webapps] Laravel 8.4.2 debug mode - Remote code execution
  73. [webapps] Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
  74. [webapps] Online Movie Streaming 1.0 - Admin Authentication Bypass
  75. [webapps] Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
  76. [webapps] Online Shopping Cart System 1.0 - 'id' SQL Injection
  77. [webapps] Online Hotel Reservation System 1.0 - Admin Authentication Bypass
  78. [remote] Erlang Cookie - Remote Code Execution
  79. [webapps] SmartAgent 3.1.0 - Privilege Escalation
  80. [webapps] Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
  81. [webapps] Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
  82. [local] PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
  83. [webapps] Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
  84. [webapps] OpenCart 3.0.36 - ATO via Cross Site Request Forgery
  85. [webapps] EyesOfNetwork 5.3 - LFI
  86. [webapps] Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scr
  87. [webapps] WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site S
  88. [webapps] Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
  89. [webapps] EyesOfNetwork 5.3 - RCE & PrivEsc
  90. [webapps] Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Me
  91. [webapps] Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
  92. [webapps] WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (M
  93. [webapps] Online Doctor Appointment System 1.0 - Multiple Stored XSS
  94. [webapps] Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
  95. [local] dnsrecon 0.10.0 - CSV Injection
  96. [webapps] Life Insurance Management System 1.0 - Multiple Stored XSS
  97. [webapps] ECSIMAGING PACS 6.21.5 - SQL injection
  98. [webapps] CRUD Operation 1.0 - Multiple Stored XSS
  99. [webapps] ECSIMAGING PACS 6.21.5 - Remote code execution
  100. [webapps] Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execut
  101. [webapps] Cockpit CMS 0.6.1 - Remote Code Execution
  102. [webapps] Curfew e-Pass Management System 1.0 - Stored XSS
  103. [webapps] iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
  104. [webapps] Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
  105. [local] H2 Database 1.4.199 - JNI Code Execution
  106. [webapps] Gitea 1.7.5 - Remote Code Execution
  107. [local] PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
  108. [webapps] Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
  109. [local] WinAVR Version 20100110 - Insecure Folder Permissions
  110. [webapps] Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
  111. [webapps] Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
  112. [webapps] WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross S
  113. [webapps] Responsive E-Learning System 1.0 - Stored Cross Site Scripting
  114. [webapps] Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
  115. [webapps] WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
  116. [webapps] Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
  117. [webapps] IPeakCMS 3.5 - Boolean-based blind SQLi
  118. [local] IObit Uninstaller 10 Pro - Unquoted Service Path
  119. [local] dirsearch 0.4.1 - CSV Injection
  120. [webapps] Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
  121. [webapps] Klog Server 2.4.1 - Command Injection (Unauthenticated)
  122. [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multi
  123. [webapps] Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticate
  124. [webapps] HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
  125. [webapps] Cassandra Web 0.5.0 - Remote File Read
  126. [local] Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
  127. [webapps] CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
  128. [webapps] Online Learning Management System 1.0 - RCE (Authenticated)
  129. [webapps] Baby Care System 1.0 - 'Post title' Stored XSS
  130. [webapps] Responsive FileManager 9.13.4 - 'path' Path Traversal
  131. [webapps] Responsive ELearning System 1.0 - 'id' Sql Injection
  132. [webapps] WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
  133. [webapps] Online Movie Streaming 1.0 - Authentication Bypass
  134. [webapps] IncomCMS 2.0 - Insecure File Upload
  135. [webapps] House Rental and Property Listing 1.0 - Multiple Stored XSS
  136. [webapps] Resumes Management and Job Application Website 1.0 - Authentication Bypass
  137. [webapps] WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[cu
  138. [local] Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Se
  139. [webapps] Arteco Web Client DVR/NVR - 'SessionId' Brute Force
  140. [webapps] Subrion CMS 4.2.1 - 'avatar[path]' XSS
  141. [webapps] Click2Magic 1.1.5 - Stored Cross-Site Scripting
  142. [webapps] Advanced Comment System 1.0 - 'ACS_path' Path Traversal
  143. [webapps] sar2html 3.2.1 - 'plot' Remote Code Execution
  144. [webapps] CMS Made Simple 2.2.15 - RCE (Authenticated)
  145. [webapps] Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
  146. [local] Knockpy 4.1.1 - CSV Injection
  147. [dos] Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
  148. [webapps] Wordpress Core 5.2.2 - 'post previews' XSS
  149. [webapps] 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
  150. [local] MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
  151. [webapps] Apartment Visitors Management System 1.0 - Authentication Bypass
  152. [webapps] WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scrip
  153. [webapps] GitLab 11.4.7 - RCE (Authenticated)
  154. [webapps] WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
  155. [webapps] TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
  156. [webapps] Baby Care System 1.0 - 'roleid' SQL Injection
  157. [webapps] Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
  158. [webapps] Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Inje
  159. [webapps] Online Learning Management System 1.0 - 'id' SQL Injection
  160. [webapps] Class Scheduling System 1.0 - Multiple Stored XSS
  161. [webapps] Online Learning Management System 1.0 - Authentication Bypass
  162. [webapps] Online Learning Management System 1.0 - Multiple Stored XSS
  163. [webapps] Artworks Gallery Management System 1.0 - 'id' SQL Injection
  164. [webapps] Faculty Evaluation System 1.0 - Stored XSS
  165. [webapps] TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
  166. [local] 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)
  167. [webapps] Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit)
  168. [webapps] WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Meta
  169. [webapps] Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
  170. [webapps] CSE Bookstore 1.0 - Multiple SQL Injection
  171. [webapps] Library Management System 3.0 - "Add Category" Stored XSS
  172. [webapps] Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
  173. [webapps] Victor CMS 1.0 - File Upload To RCE
  174. [webapps] Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Us
  175. [webapps] Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Us
  176. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
  177. [webapps] Point of Sale System 1.0 - Multiple Stored XSS
  178. [webapps] Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
  179. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
  180. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
  181. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
  182. [webapps] Spiceworks 7.5 - HTTP Header Injection
  183. [webapps] SCO Openserver 5.0.7 - 'section' Reflected XSS
  184. [webapps] SCO Openserver 5.0.7 - 'outputform' Command Injection
  185. [webapps] Queue Management System 4.0.0 - "Add User" Stored XSS
  186. [webapps] Spotweb 1.4.9 - 'search' SQL Injection
  187. [webapps] Academy-LMS 4.3 - Stored XSS
  188. [webapps] Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
  189. [remote] FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
  190. [webapps] Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS
  191. [webapps] SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
  192. [webapps] Smart Hospital 3.1 - "Add Patient" Stored XSS
  193. [webapps] Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (M
  194. [webapps] Alumni Management System 1.0 - 'id' SQL Injection
  195. [webapps] Point of Sale System 1.0 - Authentication Bypass
  196. [webapps] Alumni Management System 1.0 - Unrestricted File Upload To RCE
  197. [webapps] Alumni Management System 1.0 - "Course Form" Stored XSS
  198. [dos] nxlog 2.10.2150 - DoS (Poc)
  199. [webapps] Victor CMS 1.0 - Multiple SQL Injection (Authenticated)
  200. [webapps] PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)
  201. [webapps] Linksys RE6500 1.0.11.001 - Unauthenticated RCE
  202. [webapps] Content Management System 1.0 - 'First Name' Stored XSS
  203. [webapps] Content Management System 1.0 - 'email' SQL Injection
  204. [webapps] Content Management System 1.0 - 'id' SQL Injection
  205. [webapps] Medical Center Portal Management System 1.0 - 'id' SQL Injection
  206. [webapps] Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS
  207. [webapps] Customer Support System 1.0 - 'id' SQL Injection
  208. [webapps] Online Tours & Travels Management System 1.0 - "id" SQL Injection
  209. [webapps] Interview Management System 1.0 - Stored XSS in Add New Question
  210. [webapps] Interview Management System 1.0 - 'id' SQL Injection
  211. [webapps] Employee Record System 1.0 - Multiple Stored XSS
  212. [webapps] Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
  213. [webapps] Seotoaster 3.2.0 - Stored XSS on Edit page properties
  214. [webapps] Magic Home Pro 1.5.1 - Authentication Bypass
  215. [webapps] PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injec
  216. [webapps] Raysync 3.3.3.8 - RCE
  217. [webapps] GitLab 11.4.7 - Remote Code Execution (Authenticated)
  218. [webapps] Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Sc
  219. [webapps] Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
  220. [remote] Solaris SunSSH 11.0 x86 - libpam Remote Root
  221. [local] libbabl 0.1.62 - Broken Double Free Detection (PoC)
  222. [webapps] Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (Aut
  223. [webapps] Task Management System 1.0 - 'page' Local File Inclusion
  224. [webapps] Gitlab 11.4.7 - Remote Code Execution
  225. [webapps] Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
  226. [webapps] Rumble Mail Server 0.51.3135 - 'username' Stored XSS
  227. [webapps] Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
  228. [webapps] Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
  229. [webapps] WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
  230. [webapps] Seacms 11.1 - 'file' Local File Inclusion
  231. [webapps] Seacms 11.1 - 'checkuser' Stored XSS
  232. [webapps] Seacms 11.1 - 'ip and weburl' Remote Command Execution
  233. [local] System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path
  234. [webapps] MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
  235. [webapps] LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
  236. [webapps] Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
  237. [webapps] Dolibarr 12.0.3 - SQLi to RCE
  238. [webapps] Courier Management System 1.0 - 'First Name' Stored XSS
  239. [webapps] Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection
  240. [webapps] Courier Management System 1.0 - 'ref_no' SQL Injection
  241. [webapps] Jenkins 2.235.3 - 'Description' Stored XSS
  242. [webapps] Rukovoditel 2.6.1 - RCE
  243. [webapps] Supply Chain Management System - Auth Bypass SQL Injection
  244. [webapps] Openfire 4.6.0 - 'groupchatJID' Stored XSS
  245. [webapps] Openfire 4.6.0 - 'users' Stored XSS
  246. [webapps] Openfire 4.6.0 - 'sql' Stored XSS
  247. [webapps] Medical Center Portal Management System 1.0 - Multiple Stored XSS
  248. [webapps] Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
  249. [webapps] OpenCart 3.0.3.6 - Cross Site Request Forgery
  250. [webapps] WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scriptin