
View full version: exploit database



 1. [webapps] SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (
 2. [webapps] Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Ta
 3. [webapps] MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
 4. [webapps] Simple Public Chat Room 1.0 - Authentication Bypass SQLi
 5. [webapps] Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
 6. [webapps] Online Grading System 1.0 - 'uname' SQL Injection
 7. [webapps] Quick.CMS 6.7 - Remote Code Execution (Authenticated)
 8. [webapps] BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
 9. [local] Metasploit Framework 6.0.11 - msfvenom APK template command injection
 10. [webapps] Fuel CMS 1.4.1 - Remote Code Execution (2)
 11. [webapps] Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
 12. [dos] jQuery UI 1.12.1 - Denial of Service (DoS)
 13. [webapps] WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Exec
 14. [webapps] OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
 15. [webapps] CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
 16. [webapps] EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
 17. [webapps] STVS ProVision 5.9.10 - File Disclosure (Authenticated)
 18. [webapps] STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
 19. [webapps] Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
 20. [webapps] Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Au
 21. [webapps] Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
 22. [webapps] Simple College Website 1.0 - 'full' Stored Cross Site Scripting
 23. [webapps] Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Script
 24. [webapps] Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
 25. [webapps] Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
 26. [webapps] CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
 27. [webapps] Library System 1.0 - 'category' SQL Injection
 28. [webapps] MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
 29. [webapps] Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
 30. [webapps] CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
 31. [webapps] Atlassian Confluence Widget Connector Macro - SSTI
 32. [webapps] Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthentica
 33. [webapps] Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
 34. [webapps] Library System 1.0 - Authentication Bypass Via SQL Injection
 35. [webapps] CASAP Automated Enrollment System 1.0 - Authentication Bypass
 36. [webapps] ERPNext 12.14.0 - SQL Injection (Authenticated)
 37. [webapps] Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
 38. [local] Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
 39. [webapps] Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthe
 40. [webapps] Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
 41. [webapps] Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
 42. [webapps] Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
 43. [webapps] Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unaut
 44. [webapps] Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
 45. [webapps] Anchor CMS 0.12.7 - CSRF (Delete user)
 46. [webapps] Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasplo
 47. [webapps] Online Documents Sharing Platform 1.0 - 'user' SQL Injection
 48. [webapps] Apartment Visitors Management System 1.0 - 'email' SQL Injection
 49. [webapps] Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
 50. [webapps] ChurchRota 2.6.4 - RCE (Authenticated)
 51. [webapps] Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XS
 52. [webapps] Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
 53. [webapps] osTicket 1.14.2 - SSRF
 54. [webapps] Life Insurance Management System 1.0 - 'client_id' SQL Injection
 55. [webapps] Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
 56. [webapps] Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated
 57. [webapps] Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
 58. [webapps] Cisco UCS Manager 2.2(1d) - Remote Command Execution
 59. [webapps] Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
 60. [webapps] Alumni Management System 1.0 - "Last Name field in Registration page" Store
 61. [webapps] E-Learning System 1.0 - Authentication Bypass & RCE POC
 62. [webapps] EyesOfNetwork 5.3 - File Upload Remote Code Execution
 63. [webapps] PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox
 64. [webapps] WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripti
 65. [webapps] Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scrip
 66. [webapps] Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
 67. [webapps] Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
 68. [webapps] Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
 69. [webapps] Laravel 8.4.2 debug mode - Remote code execution
 70. [webapps] Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
 71. [webapps] Online Movie Streaming 1.0 - Admin Authentication Bypass
 72. [webapps] Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
 73. [webapps] Online Shopping Cart System 1.0 - 'id' SQL Injection
 74. [webapps] Online Hotel Reservation System 1.0 - Admin Authentication Bypass
 75. [remote] Erlang Cookie - Remote Code Execution
 76. [webapps] SmartAgent 3.1.0 - Privilege Escalation
 77. [webapps] Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
 78. [webapps] Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
 79. [local] PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
 80. [webapps] Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
 81. [webapps] OpenCart 3.0.36 - ATO via Cross Site Request Forgery
 82. [webapps] EyesOfNetwork 5.3 - LFI
 83. [webapps] Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scr
 84. [webapps] WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site S
 85. [webapps] Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
 86. [webapps] EyesOfNetwork 5.3 - RCE & PrivEsc
 87. [webapps] Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Me
 88. [webapps] Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
 89. [webapps] WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (M
 90. [webapps] Online Doctor Appointment System 1.0 - Multiple Stored XSS
 91. [webapps] Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
 92. [local] dnsrecon 0.10.0 - CSV Injection
 93. [webapps] Life Insurance Management System 1.0 - Multiple Stored XSS
 94. [webapps] ECSIMAGING PACS 6.21.5 - SQL injection
 95. [webapps] CRUD Operation 1.0 - Multiple Stored XSS
 96. [webapps] ECSIMAGING PACS 6.21.5 - Remote code execution
 97. [webapps] Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execut
 98. [webapps] Cockpit CMS 0.6.1 - Remote Code Execution
 99. [webapps] Curfew e-Pass Management System 1.0 - Stored XSS
 100. [webapps] iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
 101. [webapps] Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
 102. [local] H2 Database 1.4.199 - JNI Code Execution
 103. [webapps] Gitea 1.7.5 - Remote Code Execution
 104. [local] PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
 105. [webapps] Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
 106. [local] WinAVR Version 20100110 - Insecure Folder Permissions
 107. [webapps] Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
 108. [webapps] Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
 109. [webapps] WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross S
 110. [webapps] Responsive E-Learning System 1.0 - Stored Cross Site Scripting
 111. [webapps] Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
 112. [webapps] WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
 113. [webapps] Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
 114. [webapps] IPeakCMS 3.5 - Boolean-based blind SQLi
 115. [local] IObit Uninstaller 10 Pro - Unquoted Service Path
 116. [local] dirsearch 0.4.1 - CSV Injection
 117. [webapps] Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
 118. [webapps] Klog Server 2.4.1 - Command Injection (Unauthenticated)
 119. [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multi
 120. [webapps] Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticate
 121. [webapps] HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
 122. [webapps] Cassandra Web 0.5.0 - Remote File Read
 123. [local] Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
 124. [webapps] CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
 125. [webapps] Online Learning Management System 1.0 - RCE (Authenticated)
 126. [webapps] Baby Care System 1.0 - 'Post title' Stored XSS
 127. [webapps] Responsive FileManager 9.13.4 - 'path' Path Traversal
 128. [webapps] Responsive ELearning System 1.0 - 'id' Sql Injection
 129. [webapps] WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
 130. [webapps] Online Movie Streaming 1.0 - Authentication Bypass
 131. [webapps] IncomCMS 2.0 - Insecure File Upload
 132. [webapps] House Rental and Property Listing 1.0 - Multiple Stored XSS
 133. [webapps] Resumes Management and Job Application Website 1.0 - Authentication Bypass
 134. [webapps] WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[cu
 135. [local] Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Se
 136. [webapps] Arteco Web Client DVR/NVR - 'SessionId' Brute Force
 137. [webapps] Subrion CMS 4.2.1 - 'avatar[path]' XSS
 138. [webapps] Click2Magic 1.1.5 - Stored Cross-Site Scripting
 139. [webapps] Advanced Comment System 1.0 - 'ACS_path' Path Traversal
 140. [webapps] sar2html 3.2.1 - 'plot' Remote Code Execution
 141. [webapps] CMS Made Simple 2.2.15 - RCE (Authenticated)
 142. [webapps] Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
 143. [local] Knockpy 4.1.1 - CSV Injection
 144. [dos] Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
 145. [webapps] Wordpress Core 5.2.2 - 'post previews' XSS
 146. [webapps] 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
 147. [local] MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
 148. [webapps] Apartment Visitors Management System 1.0 - Authentication Bypass
 149. [webapps] WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scrip
 150. [webapps] GitLab 11.4.7 - RCE (Authenticated)
 151. [webapps] WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
 152. [webapps] TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
 153. [webapps] Baby Care System 1.0 - 'roleid' SQL Injection
 154. [webapps] Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
 155. [webapps] Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Inje
 156. [webapps] Online Learning Management System 1.0 - 'id' SQL Injection
 157. [webapps] Class Scheduling System 1.0 - Multiple Stored XSS
 158. [webapps] Online Learning Management System 1.0 - Authentication Bypass
 159. [webapps] Online Learning Management System 1.0 - Multiple Stored XSS
 160. [webapps] Artworks Gallery Management System 1.0 - 'id' SQL Injection
 161. [webapps] Faculty Evaluation System 1.0 - Stored XSS
 162. [webapps] TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
 163. [local] 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)
 164. [webapps] Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit)
 165. [webapps] WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Meta
 166. [webapps] Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
 167. [webapps] CSE Bookstore 1.0 - Multiple SQL Injection
 168. [webapps] Library Management System 3.0 - "Add Category" Stored XSS
 169. [webapps] Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
 170. [webapps] Victor CMS 1.0 - File Upload To RCE
 171. [webapps] Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Us
 172. [webapps] Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Us
 173. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
 174. [webapps] Point of Sale System 1.0 - Multiple Stored XSS
 175. [webapps] Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
 176. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
 177. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
 178. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
 179. [webapps] Spiceworks 7.5 - HTTP Header Injection
 180. [webapps] SCO Openserver 5.0.7 - 'section' Reflected XSS
 181. [webapps] SCO Openserver 5.0.7 - 'outputform' Command Injection
 182. [webapps] Queue Management System 4.0.0 - "Add User" Stored XSS
 183. [webapps] Spotweb 1.4.9 - 'search' SQL Injection
 184. [webapps] Academy-LMS 4.3 - Stored XSS
 185. [webapps] Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
 186. [remote] FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
 187. [webapps] Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS
 188. [webapps] SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
 189. [webapps] Smart Hospital 3.1 - "Add Patient" Stored XSS
 190. [webapps] Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (M
 191. [webapps] Alumni Management System 1.0 - 'id' SQL Injection
 192. [webapps] Point of Sale System 1.0 - Authentication Bypass
 193. [webapps] Alumni Management System 1.0 - Unrestricted File Upload To RCE
 194. [webapps] Alumni Management System 1.0 - "Course Form" Stored XSS
 195. [dos] nxlog 2.10.2150 - DoS (Poc)
 196. [webapps] Victor CMS 1.0 - Multiple SQL Injection (Authenticated)
 197. [webapps] PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)
 198. [webapps] Linksys RE6500 1.0.11.001 - Unauthenticated RCE
 199. [webapps] Content Management System 1.0 - 'First Name' Stored XSS
 200. [webapps] Content Management System 1.0 - 'email' SQL Injection
 201. [webapps] Content Management System 1.0 - 'id' SQL Injection
 202. [webapps] Medical Center Portal Management System 1.0 - 'id' SQL Injection
 203. [webapps] Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS
 204. [webapps] Customer Support System 1.0 - 'id' SQL Injection
 205. [webapps] Online Tours & Travels Management System 1.0 - "id" SQL Injection
 206. [webapps] Interview Management System 1.0 - Stored XSS in Add New Question
 207. [webapps] Interview Management System 1.0 - 'id' SQL Injection
 208. [webapps] Employee Record System 1.0 - Multiple Stored XSS
 209. [webapps] Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
 210. [webapps] Seotoaster 3.2.0 - Stored XSS on Edit page properties
 211. [webapps] Magic Home Pro 1.5.1 - Authentication Bypass
 212. [webapps] PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injec
 213. [webapps] Raysync 3.3.3.8 - RCE
 214. [webapps] GitLab 11.4.7 - Remote Code Execution (Authenticated)
 215. [webapps] Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Sc
 216. [webapps] Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
 217. [remote] Solaris SunSSH 11.0 x86 - libpam Remote Root
 218. [local] libbabl 0.1.62 - Broken Double Free Detection (PoC)
 219. [webapps] Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (Aut
 220. [webapps] Task Management System 1.0 - 'page' Local File Inclusion
 221. [webapps] Gitlab 11.4.7 - Remote Code Execution
 222. [webapps] Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
 223. [webapps] Rumble Mail Server 0.51.3135 - 'username' Stored XSS
 224. [webapps] Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
 225. [webapps] Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
 226. [webapps] WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
 227. [webapps] Seacms 11.1 - 'file' Local File Inclusion
 228. [webapps] Seacms 11.1 - 'checkuser' Stored XSS
 229. [webapps] Seacms 11.1 - 'ip and weburl' Remote Command Execution
 230. [local] System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path
 231. [webapps] MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
 232. [webapps] LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
 233. [webapps] Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
 234. [webapps] Dolibarr 12.0.3 - SQLi to RCE
 235. [webapps] Courier Management System 1.0 - 'First Name' Stored XSS
 236. [webapps] Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection
 237. [webapps] Courier Management System 1.0 - 'ref_no' SQL Injection
 238. [webapps] Jenkins 2.235.3 - 'Description' Stored XSS
 239. [webapps] Rukovoditel 2.6.1 - RCE
 240. [webapps] Supply Chain Management System - Auth Bypass SQL Injection
 241. [webapps] Openfire 4.6.0 - 'groupchatJID' Stored XSS
 242. [webapps] Openfire 4.6.0 - 'users' Stored XSS
 243. [webapps] Openfire 4.6.0 - 'sql' Stored XSS
 244. [webapps] Medical Center Portal Management System 1.0 - Multiple Stored XSS
 245. [webapps] Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
 246. [webapps] OpenCart 3.0.3.6 - Cross Site Request Forgery
 247. [webapps] WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scriptin
 248. [webapps] Openfire 4.6.0 - 'path' Stored XSS
 249. [webapps] Library Management System 2.0 - Auth Bypass SQL Injection
 250. [webapps] Barcodes generator 1.0 - 'name' Stored Cross Site Scripting