المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : exploit database


الصفحات : 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68

  1. [webapps] ManageEngine ADSelfService Plus 6.1 - CSV Injection
  2. [webapps] COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)
  3. [webapps] COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (
  4. [webapps] In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
  5. [local] Visual Studio Code 1.47.1 - Denial of Service (Poc)
  6. [dos] WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
  7. [webapps] WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scriptin
  8. [webapps] Microsoft Exchange 2019 - Unauthenticated Email Download
  9. [webapps] EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection
  10. [webapps] IPFire 2.25 - Remote Code Execution (Authenticated)
  11. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent C
  12. [webapps] Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forge
  13. [local] Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
  14. [webapps] Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
  15. [webapps] Billing Management System 2.0 - Union based SQL injection (Authenticated)
  16. [webapps] Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)
  17. [webapps] Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
  18. [webapps] Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File
  19. [webapps] Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent C
  20. [webapps] Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (
  21. [webapps] Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting
  22. [webapps] Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
  23. [local] Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-F
  24. [local] Firefox 72 IonMonkey - JIT Type Confusion
  25. [webapps] Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (S
  26. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL I
  27. [webapps] ZeroShell 3.9.0 - Remote Command Execution
  28. [webapps] Chevereto 3.17.1 - Cross Site Scripting (Stored)
  29. [local] Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
  30. [local] Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
  31. [local] DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
  32. [local] BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
  33. [local] TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
  34. [webapps] PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
  35. [webapps] Human Resource Information System 0.1 - 'First Name' Persistent Cross-Sit
  36. [webapps] Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
  37. [webapps] Voting System 1.0 - Authentication Bypass (SQLI)
  38. [dos] Sandboxie 5.49.7 - Denial of Service (PoC)
  39. [local] WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
  40. [webapps] Voting System 1.0 - Remote Code Execution (Unauthenticated)
  41. [webapps] Human Resource Information System 0.1 - Remote Code Execution (Unauthentica
  42. [local] Epic Games Rocket League 1.95 - Stack Buffer Overrun
  43. [webapps] PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May
  44. [local] Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
  45. [local] Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
  46. [webapps] Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated
  47. [webapps] Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
  48. [webapps] Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
  49. [webapps] b2evolution 7-2-2 - 'cf_name' SQL Injection
  50. [webapps] StudyMD 0.3.2 - XSS to RCE
  51. [webapps] Freeter 1.2.1 - XSS to RCE
  52. [webapps] Markright 1.0 - XSS to RCE
  53. [webapps] Markdownify 1.2.0 - XSS to RCE
  54. [webapps] Anote 1.0 - XSS to RCE
  55. [webapps] Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
  56. [webapps] Markdown Explorer 0.1.1 - XSS to RCE
  57. [webapps] Xmind 2020 - XSS to RCE
  58. [webapps] Tagstoo 2.0.1 - Stored XSS to RCE
  59. [webapps] SnipCommand 0.1.0 - XSS to RCE
  60. [webapps] Moeditor 0.2.0 - XSS to RCE
  61. [webapps] Marky 0.0.1 - XSS to RCE
  62. [webapps] Internship Portal Management System 1.0 - Remote Code Execution Via File Up
  63. [webapps] GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
  64. [webapps] GitLab Community Edition (CE) 13.10.3 - User Enumeration
  65. [webapps] Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection)
  66. [webapps] Piwigo 11.3.0 - 'language' SQL
  67. [webapps] GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
  68. [remote] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)
  69. [webapps] Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
  70. [webapps] Emoji for NodeBB 3.2.1 - Arbitrary File Write
  71. [webapps] FOGProject 1.5.9 - File Upload RCE (Authenticated)
  72. [webapps] Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution
  73. [webapps] Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
  74. [webapps] Montiorr 1.7.6m - File Upload to XSS
  75. [dos] WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
  76. [webapps] Kimai 1.14 - CSV Injection
  77. [webapps] OpenPLC 3 - Remote Code Execution (Authenticated)
  78. [webapps] SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
  79. [webapps] Hasura GraphQL 1.3.3 - Remote Code Execution
  80. [webapps] Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
  81. [webapps] Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS
  82. [webapps] DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
  83. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
  84. [webapps] Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
  85. [webapps] RemoteClinic 2.0 - 'Full Name' Stored Cross-Site Scripting (XSS)
  86. [webapps] RemoteClinic 2.0 - 'Symptoms' Stored Cross-Site Scripting (XSS)
  87. [webapps] CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
  88. [webapps] OTRS 6.0.1 - Remote Command Execution (2)
  89. [webapps] Hasura GraphQL 1.3.3 - Local File Read
  90. [webapps] Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)
  91. [webapps] GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
  92. [dos] Hasura GraphQL 1.3.3 - Denial of Service
  93. [webapps] Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
  94. [webapps] Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scri
  95. [webapps] OpenEMR 5.0.2.1 - Remote Code Execution
  96. [webapps] Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scr
  97. [webapps] rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticat
  98. [remote] Tenda D151 & D301 - Configuration Download (Unauthenticated)
  99. [webapps] RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
  100. [webapps] Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
  101. [webapps] BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
  102. [webapps] WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (X
  103. [webapps] Fast PHP Chat 1.3 - 'my_item_search' SQL Injection
  104. [webapps] Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote
  105. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
  106. [dos] glFTPd 2.11a - Remote Denial of Service
  107. [webapps] htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
  108. [webapps] Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
  109. [webapps] Horde Groupware Webmail 5.2.22 - Stored XSS
  110. [local] MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
  111. [webapps] jQuery 1.2 - Cross-Site Scripting (XSS)
  112. [webapps] jQuery 1.0.3 - Cross-Site Scripting (XSS)
  113. [webapps] Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
  114. [webapps] Digital Crime Report Management System 1.0 - SQL Injection (Authentication
  115. [webapps] CITSmart ITSM 9.1.2.22 - LDAP Injection
  116. [webapps] CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authentica
  117. [webapps] ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
  118. [webapps] Simple Student Information System 1.0 - SQL Injection (Authentication Bypas
  119. [webapps] Blitar Tourism 1.0 - Authentication Bypass SQLi
  120. [remote] vsftpd 2.3.4 - Backdoor Command Execution
  121. [webapps] PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
  122. [remote] Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Executio
  123. [webapps] DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
  124. [webapps] Composr 10.0.36 - Remote Code Execution
  125. [webapps] CMSimple 5.2 - 'External' Stored XSS
  126. [webapps] Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
  127. [webapps] Composr CMS 10.0.36 - Cross Site Scripting
  128. [webapps] Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
  129. [remote] Google Chrome 81.0.4044 V8 - Remote Code Execution
  130. [webapps] Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
  131. [local] Google Chrome V8 Engine 8.9.40 - Remote Code Execution
  132. [webapps] Mini Mouse 9.2.0 - Path Traversal
  133. [webapps] Mini Mouse 9.2.0 - Remote Code Execution
  134. [webapps] Simple Food Website 1.0 - Authentication Bypass
  135. [webapps] Basic Shopping Cart 1.0 - Authentication Bypass
  136. [webapps] OpenEMR 4.1.0 - 'u' SQL Injection
  137. [local] Rockstar Service - Insecure File Permissions
  138. [webapps] F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)
  139. [webapps] ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation
  140. [webapps] phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
  141. [webapps] Latrix 0.6.0 - 'txtaccesscode' SQL Injection
  142. [webapps] ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
  143. [webapps] ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
  144. [webapps] Zabbix 3.4.7 - Stored XSS
  145. [dos] DD-WRT 45723 - UPNP Buffer Overflow (PoC)
  146. [webapps] CourseMS 2.1 - 'name' Stored XSS
  147. [webapps] GetSimple CMS 3.3.16 - Reflected XSS to RCE
  148. [webapps] Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting
  149. [webapps] TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthe
  150. [webapps] Concrete5 8.5.4 - 'name' Stored XSS
  151. [webapps] Equipment Inventory System 1.0 - 'multiple' Stored XSS
  152. [webapps] Budget Management System 1.0 - 'Budget title' Stored XSS
  153. [webapps] Novel Boutique House-plus 3.5.1 - Arbitrary File Download
  154. [webapps] SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
  155. [webapps] WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticate
  156. [remote] vsftpd 3.0.3 - Remote Denial of Service
  157. [webapps] Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
  158. [webapps] GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
  159. [webapps] Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS
  160. [webapps] Ovidentia 6 - 'id' SQL injection (Authenticated)
  161. [webapps] Linksys EA7500 2.0.8.194281 - Cross-Site Scripting
  162. [webapps] Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site S
  163. [webapps] Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RC
  164. [local] Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path
  165. [webapps] Codiad 2.8.4 - Remote Code Execution (Authenticated)
  166. [local] ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path
  167. [local] Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service
  168. [webapps] Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS
  169. [local] Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path
  170. [local] ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path
  171. [webapps] MyBB 1.8.25 - Poll Vote Count SQL Injection
  172. [webapps] MyBB 1.8.25 - Chained Remote Command Execution
  173. [dos] ProFTPD 1.3.7a - Remote Denial of Service
  174. [local] OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path
  175. [remote] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password
  176. [webapps] WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Travers
  177. [local] MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path
  178. [local] Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path
  179. [local] Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path
  180. [local] Winpakpro 4.8 - 'GuardTourService' Unquoted Service Path
  181. [local] SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpda
  182. [webapps] Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
  183. [webapps] Online News Portal 1.0 - 'name' SQL Injection
  184. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthen
  185. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenti
  186. [dos] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticate
  187. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
  188. [remote] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials She
  189. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
  190. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authen
  191. [local] SOYAL 701 Server 9.0.1 - Insecure Permissions
  192. [local] SOYAL 701 Client 9.0.1 - Insecure Permissions
  193. [webapps] SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
  194. [webapps] SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
  195. [webapps] VestaCP 0.9.8 - 'v_sftp_licence' Command Injection
  196. [local] Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
  197. [webapps] Profiling System for Human Resource Management 1.0 - Remote Code Execution
  198. [local] BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
  199. [webapps] Boonex Dolphin 7.4.2 - 'width' Stored XSS
  200. [webapps] LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
  201. [webapps] Plone CMS 5.2.3 - 'Title' Stored XSS
  202. [webapps] Hestia Control Panel 1.3.2 - Arbitrary File Write
  203. [webapps] SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
  204. [webapps] rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution*(Authenticat
  205. [remote] Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
  206. [local] VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
  207. [webapps] VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
  208. [local] FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buf
  209. [webapps] VestaCP 0.9.8 - File Upload CSRF
  210. [webapps] WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection
  211. [local] GeoGebra CAS Calculato?r? 6.0.631.0 - Denial of Service (PoC)
  212. [local] GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)
  213. [local] GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
  214. [local] GeoGebra Graphing Calculato?r? 6.0.631.0 - Denial Of Service (PoC)
  215. [webapps] Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (Fil
  216. [webapps] SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
  217. [webapps] Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure
  218. [local] QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path
  219. [local] Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path
  220. [local] eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path
  221. [local] Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path
  222. [webapps] openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
  223. [webapps] MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
  224. [webapps] rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
  225. [webapps] Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
  226. [webapps] Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
  227. [local] Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths
  228. [webapps] Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
  229. [webapps] Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
  230. [dos] Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC
  231. [webapps] MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
  232. [webapps] NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation
  233. [webapps] Atlassian JIRA 8.11.1 - User Enumeration
  234. [remote] Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)
  235. [local] FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path
  236. [local] Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path
  237. [local] bVPN 2.5.1 - 'waselvpnserv' Unquoted Service Path
  238. [webapps] GLPI 9.5.3 - 'fromtype' Unsafe Reflection
  239. [local] Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path
  240. [local] Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path
  241. [webapps] Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthentica
  242. [local] Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path
  243. [webapps] Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)
  244. [webapps] Fluig 1.7.0 - Path Traversal
  245. [remote] CatDV 9.2 - RMI Authentication Bypass
  246. [webapps] Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
  247. [webapps] Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)
  248. [webapps] Textpattern 4.8.3 - Remote code execution (Authenticated) (2)
  249. [webapps] Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS)
  250. [webapps] Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)