Personal Digital Assistant

View full version: exploit database



  1. [remote] ASUS Remote Link 1.1.2.13 - Remote Code Execution
  2. [webapps] LayerBB 1.1.4 - 'search_query' SQL Injection
  3. [local] Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
  4. [dos] SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
  5. [dos] Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
  6. [remote] python jsonpickle 2.0.0 - Remote Code Execution
  7. [local] LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path
  8. [remote] Unified Remote 3.9.0.2463 - Remote Code Execution
  9. [remote] HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
  10. [webapps] Monica 2.19.1 - 'last_name' Stored XSS
  11. [webapps] Batflat CMS 1.3.6 - 'multiple' Stored XSS
  12. [webapps] Beauty Parlour Management System 1.0 - 'sername' SQL Injection
  13. [webapps] OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting
  14. [webapps] Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
  15. [webapps] Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass
  16. [local] dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow (PoC)
  17. [webapps] PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scr
  18. [local] Apport 2.20 - Local Privilege Escalation
  19. [webapps] Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)
  20. [webapps] Gitea 1.12.5 - Remote Code Execution (Authenticated)
  21. [webapps] Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
  22. [webapps] Billing Management System 2.0 - 'email' SQL injection Auth Bypass
  23. [webapps] Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
  24. [webapps] BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)
  25. [dos] Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
  26. [dos] AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
  27. [dos] Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
  28. [webapps] TestLink 1.9.20 - Unrestricted File Upload (Authenticated)
  29. [webapps] Teachers Record Management System 1.0 - 'searchteacher' SQL Injection
  30. [local] Tasks 9.7.3 - Insecure Permissions
  31. [local] PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path
  32. [webapps] School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting
  33. [webapps] School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Si
  34. [webapps] b2evolution 6.11.6 - 'tab3' Reflected XSS
  35. [webapps] Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2)
  36. [webapps] Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)
  37. [webapps] PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
  38. [webapps] b2evolution 6.11.6 - 'redirect_to' Open Redirect
  39. [webapps] Node.JS - 'node-serialize' Remote Code Execution (2)
  40. [webapps] b2evolution 6.11.6 - 'plugin name' Stored XSS
  41. [local] Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path
  42. [local] AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path
  43. [webapps] Adobe Connect 10 - Username Disclosure
  44. [webapps] Online Car Rental System 1.0 - Stored Cross Site Scripting
  45. [webapps] WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
  46. [webapps] WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion
  47. [webapps] WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerab
  48. [webapps] WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabil
  49. [local] Microsoft Internet Explorer 11 32-bit - Use-After-Free
  50. [webapps] WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
  51. [webapps] WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
  52. [webapps] Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS
  53. [webapps] Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (
  54. [webapps] WordPress Plugin Ultimate Maps 1.1.12 - 'sidx' SQL injection
  55. [webapps] WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL i
  56. [local] Millewin 13.39.146.1 - Local Privilege Escalation
  57. [webapps] Jenzabar 9.2.2 - 'query' Reflected XSS.
  58. [webapps] SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
  59. [webapps] YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery
  60. [local] AMD Fuel Service - 'Fuel.service' Unquote Service Path
  61. [webapps] WordPress Plugin Pricing Table by Supsystic 1.8.7 - Multiple Vulnerabilitie
  62. [local] SmartFoxServer 2X 2.17.0 - Credentials Disclosure
  63. [local] SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution
  64. [webapps] SEO Panel 4.6.0 - Remote Code Execution (2)
  65. [webapps] PhreeBooks 5.2.3 ERP - Remote Code Execution (2)
  66. [webapps] LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)
  67. [local] Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalati
  68. [local] Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalati
  69. [webapps] Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution
  70. [webapps] Pixelimity 1.0 - 'password' Cross-Site Request Forgery
  71. [local] Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
  72. [local] Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
  73. [local] Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
  74. [local] Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
  75. [local] Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
  76. [webapps] Student Record System 4.0 - 'cid' SQL Injection
  77. [webapps] WordPress 5.0.0 - Image Remote Code Execution
  78. [webapps] Klog Server 2.4.1 - Command Injection (Authenticated)
  79. [webapps] Roundcube Webmail 1.2 - File Disclosure
  80. [webapps] Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Script
  81. [webapps] H8 SSRMS - 'id' IDOR
  82. [webapps] MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
  83. [webapps] bloofoxCMS 0.5.2.1 - CSRF (Add user)
  84. [webapps] MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
  85. [webapps] User Management System 1.0 - 'uid' SQL Injection
  86. [webapps] Park Ticketing Management System 1.0 - 'viewid' SQL Injection
  87. [webapps] Zoo Management System 1.0 - 'anid' SQL Injection
  88. [webapps] MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
  89. [webapps] SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (
  90. [webapps] Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Ta
  91. [webapps] MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
  92. [webapps] Simple Public Chat Room 1.0 - Authentication Bypass SQLi
  93. [webapps] Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
  94. [webapps] Online Grading System 1.0 - 'uname' SQL Injection
  95. [webapps] Quick.CMS 6.7 - Remote Code Execution (Authenticated)
  96. [webapps] BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
  97. [local] Metasploit Framework 6.0.11 - msfvenom APK template command injection
  98. [webapps] Fuel CMS 1.4.1 - Remote Code Execution (2)
  99. [webapps] Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
  100. [dos] jQuery UI 1.12.1 - Denial of Service (DoS)
  101. [webapps] WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Exec
  102. [webapps] OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
  103. [webapps] CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
  104. [webapps] EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
  105. [webapps] STVS ProVision 5.9.10 - File Disclosure (Authenticated)
  106. [webapps] STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
  107. [webapps] Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
  108. [webapps] Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Au
  109. [webapps] Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
  110. [webapps] Simple College Website 1.0 - 'full' Stored Cross Site Scripting
  111. [webapps] Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Script
  112. [webapps] Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
  113. [webapps] Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
  114. [webapps] CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
  115. [webapps] Library System 1.0 - 'category' SQL Injection
  116. [webapps] MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
  117. [webapps] Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
  118. [webapps] CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
  119. [webapps] Atlassian Confluence Widget Connector Macro - SSTI
  120. [webapps] Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthentica
  121. [webapps] Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
  122. [webapps] Library System 1.0 - Authentication Bypass Via SQL Injection
  123. [webapps] CASAP Automated Enrollment System 1.0 - Authentication Bypass
  124. [webapps] ERPNext 12.14.0 - SQL Injection (Authenticated)
  125. [webapps] Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
  126. [local] Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
  127. [webapps] Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthe
  128. [webapps] Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
  129. [webapps] Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
  130. [webapps] Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
  131. [webapps] Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unaut
  132. [webapps] Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
  133. [webapps] Anchor CMS 0.12.7 - CSRF (Delete user)
  134. [webapps] Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasplo
  135. [webapps] Online Documents Sharing Platform 1.0 - 'user' SQL Injection
  136. [webapps] Apartment Visitors Management System 1.0 - 'email' SQL Injection
  137. [webapps] Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
  138. [webapps] ChurchRota 2.6.4 - RCE (Authenticated)
  139. [webapps] Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XS
  140. [webapps] Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
  141. [webapps] osTicket 1.14.2 - SSRF
  142. [webapps] Life Insurance Management System 1.0 - 'client_id' SQL Injection
  143. [webapps] Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
  144. [webapps] Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated
  145. [webapps] Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
  146. [webapps] Cisco UCS Manager 2.2(1d) - Remote Command Execution
  147. [webapps] Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
  148. [webapps] Alumni Management System 1.0 - "Last Name field in Registration page" Store
  149. [webapps] E-Learning System 1.0 - Authentication Bypass & RCE POC
  150. [webapps] EyesOfNetwork 5.3 - File Upload Remote Code Execution
  151. [webapps] PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox
  152. [webapps] WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripti
  153. [webapps] Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scrip
  154. [webapps] Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
  155. [webapps] Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
  156. [webapps] Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
  157. [webapps] Laravel 8.4.2 debug mode - Remote code execution
  158. [webapps] Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
  159. [webapps] Online Movie Streaming 1.0 - Admin Authentication Bypass
  160. [webapps] Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
  161. [webapps] Online Shopping Cart System 1.0 - 'id' SQL Injection
  162. [webapps] Online Hotel Reservation System 1.0 - Admin Authentication Bypass
  163. [remote] Erlang Cookie - Remote Code Execution
  164. [webapps] SmartAgent 3.1.0 - Privilege Escalation
  165. [webapps] Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
  166. [webapps] Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
  167. [local] PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
  168. [webapps] Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
  169. [webapps] OpenCart 3.0.36 - ATO via Cross Site Request Forgery
  170. [webapps] EyesOfNetwork 5.3 - LFI
  171. [webapps] Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scr
  172. [webapps] WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site S
  173. [webapps] Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
  174. [webapps] EyesOfNetwork 5.3 - RCE & PrivEsc
  175. [webapps] Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Me
  176. [webapps] Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
  177. [webapps] WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (M
  178. [webapps] Online Doctor Appointment System 1.0 - Multiple Stored XSS
  179. [webapps] Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
  180. [local] dnsrecon 0.10.0 - CSV Injection
  181. [webapps] Life Insurance Management System 1.0 - Multiple Stored XSS
  182. [webapps] ECSIMAGING PACS 6.21.5 - SQL injection
  183. [webapps] CRUD Operation 1.0 - Multiple Stored XSS
  184. [webapps] ECSIMAGING PACS 6.21.5 - Remote code execution
  185. [webapps] Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execut
  186. [webapps] Cockpit CMS 0.6.1 - Remote Code Execution
  187. [webapps] Curfew e-Pass Management System 1.0 - Stored XSS
  188. [webapps] iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
  189. [webapps] Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
  190. [local] H2 Database 1.4.199 - JNI Code Execution
  191. [webapps] Gitea 1.7.5 - Remote Code Execution
  192. [local] PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
  193. [webapps] Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
  194. [local] WinAVR Version 20100110 - Insecure Folder Permissions
  195. [webapps] Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
  196. [webapps] Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
  197. [webapps] WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross S
  198. [webapps] Responsive E-Learning System 1.0 - Stored Cross Site Scripting
  199. [webapps] Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
  200. [webapps] WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
  201. [webapps] Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
  202. [webapps] IPeakCMS 3.5 - Boolean-based blind SQLi
  203. [local] IObit Uninstaller 10 Pro - Unquoted Service Path
  204. [local] dirsearch 0.4.1 - CSV Injection
  205. [webapps] Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
  206. [webapps] Klog Server 2.4.1 - Command Injection (Unauthenticated)
  207. [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multi
  208. [webapps] Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticate
  209. [webapps] HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
  210. [webapps] Cassandra Web 0.5.0 - Remote File Read
  211. [local] Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
  212. [webapps] CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
  213. [webapps] Online Learning Management System 1.0 - RCE (Authenticated)
  214. [webapps] Baby Care System 1.0 - 'Post title' Stored XSS
  215. [webapps] Responsive FileManager 9.13.4 - 'path' Path Traversal
  216. [webapps] Responsive ELearning System 1.0 - 'id' Sql Injection
  217. [webapps] WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
  218. [webapps] Online Movie Streaming 1.0 - Authentication Bypass
  219. [webapps] IncomCMS 2.0 - Insecure File Upload
  220. [webapps] House Rental and Property Listing 1.0 - Multiple Stored XSS
  221. [webapps] Resumes Management and Job Application Website 1.0 - Authentication Bypass
  222. [webapps] WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[cu
  223. [local] Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Se
  224. [webapps] Arteco Web Client DVR/NVR - 'SessionId' Brute Force
  225. [webapps] Subrion CMS 4.2.1 - 'avatar[path]' XSS
  226. [webapps] Click2Magic 1.1.5 - Stored Cross-Site Scripting
  227. [webapps] Advanced Comment System 1.0 - 'ACS_path' Path Traversal
  228. [webapps] sar2html 3.2.1 - 'plot' Remote Code Execution
  229. [webapps] CMS Made Simple 2.2.15 - RCE (Authenticated)
  230. [webapps] Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
  231. [local] Knockpy 4.1.1 - CSV Injection
  232. [dos] Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
  233. [webapps] Wordpress Core 5.2.2 - 'post previews' XSS
  234. [webapps] 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
  235. [local] MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
  236. [webapps] Apartment Visitors Management System 1.0 - Authentication Bypass
  237. [webapps] WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scrip
  238. [webapps] GitLab 11.4.7 - RCE (Authenticated)
  239. [webapps] WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
  240. [webapps] TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
  241. [webapps] Baby Care System 1.0 - 'roleid' SQL Injection
  242. [webapps] Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
  243. [webapps] Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Inje
  244. [webapps] Online Learning Management System 1.0 - 'id' SQL Injection
  245. [webapps] Class Scheduling System 1.0 - Multiple Stored XSS
  246. [webapps] Online Learning Management System 1.0 - Authentication Bypass
  247. [webapps] Online Learning Management System 1.0 - Multiple Stored XSS
  248. [webapps] Artworks Gallery Management System 1.0 - 'id' SQL Injection
  249. [webapps] Faculty Evaluation System 1.0 - Stored XSS
  250. [webapps] TerraMaster TOS 4.2.06 - RCE (Unauthenticated)