المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : exploit database


الصفحات : 1 2 3 [4] 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68

  1. [webapps] Klog Server 2.4.1 - Command Injection (Authenticated)
  2. [webapps] Roundcube Webmail 1.2 - File Disclosure
  3. [webapps] Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Script
  4. [webapps] H8 SSRMS - 'id' IDOR
  5. [webapps] MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
  6. [webapps] bloofoxCMS 0.5.2.1 - CSRF (Add user)
  7. [webapps] MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
  8. [webapps] User Management System 1.0 - 'uid' SQL Injection
  9. [webapps] Park Ticketing Management System 1.0 - 'viewid' SQL Injection
  10. [webapps] Zoo Management System 1.0 - 'anid' SQL Injection
  11. [webapps] MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
  12. [webapps] SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (
  13. [webapps] Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Ta
  14. [webapps] MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
  15. [webapps] Simple Public Chat Room 1.0 - Authentication Bypass SQLi
  16. [webapps] Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
  17. [webapps] Online Grading System 1.0 - 'uname' SQL Injection
  18. [webapps] Quick.CMS 6.7 - Remote Code Execution (Authenticated)
  19. [webapps] BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
  20. [local] Metasploit Framework 6.0.11 - msfvenom APK template command injection
  21. [webapps] Fuel CMS 1.4.1 - Remote Code Execution (2)
  22. [webapps] Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
  23. [dos] jQuery UI 1.12.1 - Denial of Service (DoS)
  24. [webapps] WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Exec
  25. [webapps] OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
  26. [webapps] CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
  27. [webapps] EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
  28. [webapps] STVS ProVision 5.9.10 - File Disclosure (Authenticated)
  29. [webapps] STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
  30. [webapps] Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
  31. [webapps] Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Au
  32. [webapps] Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
  33. [webapps] Simple College Website 1.0 - 'full' Stored Cross Site Scripting
  34. [webapps] Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Script
  35. [webapps] Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
  36. [webapps] Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
  37. [webapps] CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
  38. [webapps] Library System 1.0 - 'category' SQL Injection
  39. [webapps] MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
  40. [webapps] Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
  41. [webapps] CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
  42. [webapps] Atlassian Confluence Widget Connector Macro - SSTI
  43. [webapps] Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthentica
  44. [webapps] Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
  45. [webapps] Library System 1.0 - Authentication Bypass Via SQL Injection
  46. [webapps] CASAP Automated Enrollment System 1.0 - Authentication Bypass
  47. [webapps] ERPNext 12.14.0 - SQL Injection (Authenticated)
  48. [webapps] Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
  49. [local] Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
  50. [webapps] Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthe
  51. [webapps] Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
  52. [webapps] Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
  53. [webapps] Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
  54. [webapps] Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unaut
  55. [webapps] Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
  56. [webapps] Anchor CMS 0.12.7 - CSRF (Delete user)
  57. [webapps] Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasplo
  58. [webapps] Online Documents Sharing Platform 1.0 - 'user' SQL Injection
  59. [webapps] Apartment Visitors Management System 1.0 - 'email' SQL Injection
  60. [webapps] Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
  61. [webapps] ChurchRota 2.6.4 - RCE (Authenticated)
  62. [webapps] Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XS
  63. [webapps] Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
  64. [webapps] osTicket 1.14.2 - SSRF
  65. [webapps] Life Insurance Management System 1.0 - 'client_id' SQL Injection
  66. [webapps] Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
  67. [webapps] Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated
  68. [webapps] Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
  69. [webapps] Cisco UCS Manager 2.2(1d) - Remote Command Execution
  70. [webapps] Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
  71. [webapps] Alumni Management System 1.0 - "Last Name field in Registration page" Store
  72. [webapps] E-Learning System 1.0 - Authentication Bypass & RCE POC
  73. [webapps] EyesOfNetwork 5.3 - File Upload Remote Code Execution
  74. [webapps] PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox
  75. [webapps] WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripti
  76. [webapps] Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scrip
  77. [webapps] Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
  78. [webapps] Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
  79. [webapps] Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
  80. [webapps] Laravel 8.4.2 debug mode - Remote code execution
  81. [webapps] Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
  82. [webapps] Online Movie Streaming 1.0 - Admin Authentication Bypass
  83. [webapps] Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
  84. [webapps] Online Shopping Cart System 1.0 - 'id' SQL Injection
  85. [webapps] Online Hotel Reservation System 1.0 - Admin Authentication Bypass
  86. [remote] Erlang Cookie - Remote Code Execution
  87. [webapps] SmartAgent 3.1.0 - Privilege Escalation
  88. [webapps] Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
  89. [webapps] Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
  90. [local] PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
  91. [webapps] Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
  92. [webapps] OpenCart 3.0.36 - ATO via Cross Site Request Forgery
  93. [webapps] EyesOfNetwork 5.3 - LFI
  94. [webapps] Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scr
  95. [webapps] WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site S
  96. [webapps] Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
  97. [webapps] EyesOfNetwork 5.3 - RCE & PrivEsc
  98. [webapps] Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Me
  99. [webapps] Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
  100. [webapps] WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (M
  101. [webapps] Online Doctor Appointment System 1.0 - Multiple Stored XSS
  102. [webapps] Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
  103. [local] dnsrecon 0.10.0 - CSV Injection
  104. [webapps] Life Insurance Management System 1.0 - Multiple Stored XSS
  105. [webapps] ECSIMAGING PACS 6.21.5 - SQL injection
  106. [webapps] CRUD Operation 1.0 - Multiple Stored XSS
  107. [webapps] ECSIMAGING PACS 6.21.5 - Remote code execution
  108. [webapps] Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execut
  109. [webapps] Cockpit CMS 0.6.1 - Remote Code Execution
  110. [webapps] Curfew e-Pass Management System 1.0 - Stored XSS
  111. [webapps] iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
  112. [webapps] Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
  113. [local] H2 Database 1.4.199 - JNI Code Execution
  114. [webapps] Gitea 1.7.5 - Remote Code Execution
  115. [local] PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
  116. [webapps] Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
  117. [local] WinAVR Version 20100110 - Insecure Folder Permissions
  118. [webapps] Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
  119. [webapps] Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
  120. [webapps] WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross S
  121. [webapps] Responsive E-Learning System 1.0 - Stored Cross Site Scripting
  122. [webapps] Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
  123. [webapps] WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
  124. [webapps] Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
  125. [webapps] IPeakCMS 3.5 - Boolean-based blind SQLi
  126. [local] IObit Uninstaller 10 Pro - Unquoted Service Path
  127. [local] dirsearch 0.4.1 - CSV Injection
  128. [webapps] Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
  129. [webapps] Klog Server 2.4.1 - Command Injection (Unauthenticated)
  130. [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multi
  131. [webapps] Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticate
  132. [webapps] HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
  133. [webapps] Cassandra Web 0.5.0 - Remote File Read
  134. [local] Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
  135. [webapps] CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
  136. [webapps] Online Learning Management System 1.0 - RCE (Authenticated)
  137. [webapps] Baby Care System 1.0 - 'Post title' Stored XSS
  138. [webapps] Responsive FileManager 9.13.4 - 'path' Path Traversal
  139. [webapps] Responsive ELearning System 1.0 - 'id' Sql Injection
  140. [webapps] WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
  141. [webapps] Online Movie Streaming 1.0 - Authentication Bypass
  142. [webapps] IncomCMS 2.0 - Insecure File Upload
  143. [webapps] House Rental and Property Listing 1.0 - Multiple Stored XSS
  144. [webapps] Resumes Management and Job Application Website 1.0 - Authentication Bypass
  145. [webapps] WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[cu
  146. [local] Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Se
  147. [webapps] Arteco Web Client DVR/NVR - 'SessionId' Brute Force
  148. [webapps] Subrion CMS 4.2.1 - 'avatar[path]' XSS
  149. [webapps] Click2Magic 1.1.5 - Stored Cross-Site Scripting
  150. [webapps] Advanced Comment System 1.0 - 'ACS_path' Path Traversal
  151. [webapps] sar2html 3.2.1 - 'plot' Remote Code Execution
  152. [webapps] CMS Made Simple 2.2.15 - RCE (Authenticated)
  153. [webapps] Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
  154. [local] Knockpy 4.1.1 - CSV Injection
  155. [dos] Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
  156. [webapps] Wordpress Core 5.2.2 - 'post previews' XSS
  157. [webapps] 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
  158. [local] MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
  159. [webapps] Apartment Visitors Management System 1.0 - Authentication Bypass
  160. [webapps] WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scrip
  161. [webapps] GitLab 11.4.7 - RCE (Authenticated)
  162. [webapps] WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
  163. [webapps] TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
  164. [webapps] Baby Care System 1.0 - 'roleid' SQL Injection
  165. [webapps] Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
  166. [webapps] Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Inje
  167. [webapps] Online Learning Management System 1.0 - 'id' SQL Injection
  168. [webapps] Class Scheduling System 1.0 - Multiple Stored XSS
  169. [webapps] Online Learning Management System 1.0 - Authentication Bypass
  170. [webapps] Online Learning Management System 1.0 - Multiple Stored XSS
  171. [webapps] Artworks Gallery Management System 1.0 - 'id' SQL Injection
  172. [webapps] Faculty Evaluation System 1.0 - Stored XSS
  173. [webapps] TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
  174. [local] 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)
  175. [webapps] Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit)
  176. [webapps] WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Meta
  177. [webapps] Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
  178. [webapps] CSE Bookstore 1.0 - Multiple SQL Injection
  179. [webapps] Library Management System 3.0 - "Add Category" Stored XSS
  180. [webapps] Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
  181. [webapps] Victor CMS 1.0 - File Upload To RCE
  182. [webapps] Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Us
  183. [webapps] Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Us
  184. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
  185. [webapps] Point of Sale System 1.0 - Multiple Stored XSS
  186. [webapps] Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
  187. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
  188. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
  189. [webapps] Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
  190. [webapps] Spiceworks 7.5 - HTTP Header Injection
  191. [webapps] SCO Openserver 5.0.7 - 'section' Reflected XSS
  192. [webapps] SCO Openserver 5.0.7 - 'outputform' Command Injection
  193. [webapps] Queue Management System 4.0.0 - "Add User" Stored XSS
  194. [webapps] Spotweb 1.4.9 - 'search' SQL Injection
  195. [webapps] Academy-LMS 4.3 - Stored XSS
  196. [webapps] Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
  197. [remote] FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
  198. [webapps] Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS
  199. [webapps] SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
  200. [webapps] Smart Hospital 3.1 - "Add Patient" Stored XSS
  201. [webapps] Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (M
  202. [webapps] Alumni Management System 1.0 - 'id' SQL Injection
  203. [webapps] Point of Sale System 1.0 - Authentication Bypass
  204. [webapps] Alumni Management System 1.0 - Unrestricted File Upload To RCE
  205. [webapps] Alumni Management System 1.0 - "Course Form" Stored XSS
  206. [dos] nxlog 2.10.2150 - DoS (Poc)
  207. [webapps] Victor CMS 1.0 - Multiple SQL Injection (Authenticated)
  208. [webapps] PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)
  209. [webapps] Linksys RE6500 1.0.11.001 - Unauthenticated RCE
  210. [webapps] Content Management System 1.0 - 'First Name' Stored XSS
  211. [webapps] Content Management System 1.0 - 'email' SQL Injection
  212. [webapps] Content Management System 1.0 - 'id' SQL Injection
  213. [webapps] Medical Center Portal Management System 1.0 - 'id' SQL Injection
  214. [webapps] Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS
  215. [webapps] Customer Support System 1.0 - 'id' SQL Injection
  216. [webapps] Online Tours & Travels Management System 1.0 - "id" SQL Injection
  217. [webapps] Interview Management System 1.0 - Stored XSS in Add New Question
  218. [webapps] Interview Management System 1.0 - 'id' SQL Injection
  219. [webapps] Employee Record System 1.0 - Multiple Stored XSS
  220. [webapps] Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
  221. [webapps] Seotoaster 3.2.0 - Stored XSS on Edit page properties
  222. [webapps] Magic Home Pro 1.5.1 - Authentication Bypass
  223. [webapps] PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injec
  224. [webapps] Raysync 3.3.3.8 - RCE
  225. [webapps] GitLab 11.4.7 - Remote Code Execution (Authenticated)
  226. [webapps] Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Sc
  227. [webapps] Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
  228. [remote] Solaris SunSSH 11.0 x86 - libpam Remote Root
  229. [local] libbabl 0.1.62 - Broken Double Free Detection (PoC)
  230. [webapps] Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (Aut
  231. [webapps] Task Management System 1.0 - 'page' Local File Inclusion
  232. [webapps] Gitlab 11.4.7 - Remote Code Execution
  233. [webapps] Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
  234. [webapps] Rumble Mail Server 0.51.3135 - 'username' Stored XSS
  235. [webapps] Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
  236. [webapps] Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
  237. [webapps] WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
  238. [webapps] Seacms 11.1 - 'file' Local File Inclusion
  239. [webapps] Seacms 11.1 - 'checkuser' Stored XSS
  240. [webapps] Seacms 11.1 - 'ip and weburl' Remote Command Execution
  241. [local] System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path
  242. [webapps] MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
  243. [webapps] LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
  244. [webapps] Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
  245. [webapps] Dolibarr 12.0.3 - SQLi to RCE
  246. [webapps] Courier Management System 1.0 - 'First Name' Stored XSS
  247. [webapps] Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection
  248. [webapps] Courier Management System 1.0 - 'ref_no' SQL Injection
  249. [webapps] Jenkins 2.235.3 - 'Description' Stored XSS
  250. [webapps] Rukovoditel 2.6.1 - RCE