View Full Version: exploit database



 1. [remote] Dlink DSL2750U - 'Reboot' Command Injection
 2. [webapps] Node.JS - 'node-serialize' Remote Code Execution (3)
 3. [webapps] ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
 4. [webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fix
 5. [webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
 6. [webapps] Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)
 7. [local] Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Servic
 8. [webapps] Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
 9. [local] VX Search 13.5.28 - 'Multiple' Unquoted Service Path
 10. [local] Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path
 11. [local] Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
 12. [local] Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
 13. [webapps] Unified Office Total Connect Now 1.0 - 'data' SQL Injection
 14. [webapps] CKEditor 3 - Server-Side Request Forgery (SSRF)
 15. [webapps] Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting
 16. [webapps] OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass
 17. [webapps] Teachers Record Management System 1.0 - 'Multiple' SQL Injection (Authentic
 18. [webapps] Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
 19. [local] Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path
 20. [local] DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path
 21. [local] Polkit 0.105-26 0.117-2 - Local Privilege Escalation
 22. [local] Brother BRAgent 1.38 - 'WBA_Agent_Client' Unquoted Service Path
 23. [local] SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path
 24. [webapps] Client Management System 1.1 - 'Search' SQL Injection
 25. [webapps] Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS)
 26. [local] Brother BRPrint Auditor - 'Multiple' Unquoted Service Path
 27. [local] Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
 28. [dos] Notex the best notes 6.4 - Denial of Service (PoC)
 29. [dos] Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
 30. [dos] Post-it 5.0.1 - Denial of Service (PoC)
 31. [local] Spy Emergency 25.0.650 - 'Multiple' Unquoted Service Path
 32. [webapps] OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)
 33. [local] WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
 34. [webapps] TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
 35. [webapps] Small CRM 3.0 - 'Authentication Bypass' SQL Injection
 36. [webapps] Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
 37. [webapps] COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting
 38. [webapps] GLPI 9.4.5 - Remote Code Execution (RCE)
 39. [webapps] Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object Refe
 40. [webapps] Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)
 41. [webapps] WoWonder Social Network Platform 3.1 - Authentication Bypass
 42. [webapps] Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authentica
 43. [webapps] Solar-Log 500 2.8.2 - Unprotected Storage of Credentials
 44. [webapps] Solar-Log 500 2.8.2 - Incorrect Access Control
 45. [webapps] Grocery crud 1.6.4 - 'order_by' SQL Injection
 46. [webapps] WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF
 47. [webapps] OpenEMR 5.0.0 - Remote Code Execution (Authenticated)
 48. [webapps] Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' S
 49. [webapps] Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
 50. [webapps] Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)
 51. [dos] n+otes 1.6.2 - Denial of Service (PoC)
 52. [dos] Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
 53. [local] memono Notepad Version 4.2 - Denial of Service (PoC)
 54. [webapps] TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
 55. [webapps] Student Result Management System 1.0 - 'class' SQL Injection
 56. [webapps] GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)
 57. [webapps] OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
 58. [webapps] WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scriptin
 59. [webapps] OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery (CSRF)
 60. [webapps] Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF
 61. [local] Backup Key Recovery 2.2.7 - Denial of Service (PoC)
 62. [webapps] WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)
 63. [dos] NBMonitor 1.6.8 - Denial of Service (PoC)
 64. [dos] Nsauditor 3.2.3 - Denial of Service (PoC)
 65. [webapps] Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
 66. [webapps] WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scriptin
 67. [local] IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
 68. [webapps] Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)
 69. [webapps] Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated)
 70. [webapps] OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution
 71. [dos] Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
 72. [dos] Macaron Notes great notebook 5.5 - Denial of Service (PoC)
 73. [dos] My Notes Safe 5.3 - Denial of Service (PoC)
 74. [webapps] Gitlab 13.10.2 - Remote Code Execution (Authenticated)
 75. [dos] Color Notes 1.4 - Denial of Service (PoC)
 76. [webapps] Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
 77. [dos] Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)
 78. [webapps] 4Images 1.8 - 'redirect' Reflected XSS
 79. [webapps] Gitlab 13.9.3 - Remote Code Execution (Authenticated)
 80. [webapps] FUDForum 3.1.0 - 'srch' Reflected XSS
 81. [webapps] FUDForum 3.1.0 - 'author' Reflected XSS
 82. [remote] CHIYU IoT Devices - 'Telnet' Authentication Bypass
 83. [webapps] CHIYU IoT Devices - Denial of Service (DoS)
 84. [dos] BasicNote 1.1.9 - Denial of Service (PoC)
 85. [dos] ColorNote 4.1.9 - Denial of Service (PoC)
 86. [dos] Notepad notes 2.6.7 - Denial of Service (PoC)
 87. [dos] Blacknote 2.2.1 - Denial of Service (PoC)
 88. [webapps] Seo Panel 4.8.0 - 'from_time' Reflected XSS
 89. [webapps] PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
 90. [webapps] Seo Panel 4.8.0 - 'category' Reflected XSS
 91. [webapps] Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
 92. [webapps] GetSimple CMS 3.3.4 - Information Disclosure
 93. [local] Intel(R) Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Servic
 94. [webapps] Products.PluggableAuthService 2.6.0 - Open Redirect
 95. [webapps] Seo Panel 4.8.0 - 'search_name' Reflected XSS
 96. [webapps] Thecus N4800Eco Nas Server Control Panel - Comand Injection
 97. [webapps] Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)
 98. [local] Veyon 4.4.1 - 'VeyonService' Unquoted Service Path
 99. [webapps] ProjeQtOr Project Management 9.1.4 - Remote Code Execution
 100. [webapps] Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF)
 101. [webapps] WordPress Plugin WP Prayer version 1.6.1 - 'prayer_messages' Stored Cross-S
 102. [webapps] CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)
 103. [webapps] CHIYU TCP/IP Converter devices - CRLF injection
 104. [dos] DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
 105. [webapps] LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated)
 106. [webapps] WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)
 107. [webapps] Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
 108. [webapps] Trixbox 2.8.0.4 - 'lang' Path Traversal
 109. [webapps] Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
 110. [webapps] PHPFusion 9.03.50 - Remote Code Execution
 111. [webapps] Postbird 0.8.4 - Javascript Injection
 112. [webapps] Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)
 113. [remote] ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)
 114. [webapps] Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
 115. [dos] RarmaRadio 2.72.8 - Denial of Service (PoC)
 116. [webapps] Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site
 117. [webapps] WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scr
 118. [webapps] Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)
 119. [webapps] WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cro
 120. [webapps] Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To
 121. [dos] iDailyDiary 4.30 - Denial of Service (PoC)
 122. [local] DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path
 123. [local] ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path
 124. [webapps] Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS)
 125. [remote] Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
 126. [webapps] Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
 127. [webapps] WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Una
 128. [local] DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
 129. [local] Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code
 130. [webapps] Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
 131. [local] Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path
 132. [local] Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
 133. [local] ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path
 134. [webapps] ManageEngine ADSelfService Plus 6.1 - CSV Injection
 135. [webapps] COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)
 136. [webapps] COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (
 137. [webapps] In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
 138. [local] Visual Studio Code 1.47.1 - Denial of Service (Poc)
 139. [dos] WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
 140. [webapps] WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scriptin
 141. [webapps] Microsoft Exchange 2019 - Unauthenticated Email Download
 142. [webapps] EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection
 143. [webapps] IPFire 2.25 - Remote Code Execution (Authenticated)
 144. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent C
 145. [webapps] Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forge
 146. [local] Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
 147. [webapps] Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
 148. [webapps] Billing Management System 2.0 - Union based SQL injection (Authenticated)
 149. [webapps] Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)
 150. [webapps] Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
 151. [webapps] Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File
 152. [webapps] Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent C
 153. [webapps] Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (
 154. [webapps] Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting
 155. [webapps] Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
 156. [local] Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-F
 157. [local] Firefox 72 IonMonkey - JIT Type Confusion
 158. [webapps] Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (S
 159. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL I
 160. [webapps] ZeroShell 3.9.0 - Remote Command Execution
 161. [webapps] Chevereto 3.17.1 - Cross Site Scripting (Stored)
 162. [local] Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
 163. [local] Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
 164. [local] DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
 165. [local] BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
 166. [local] TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
 167. [webapps] PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
 168. [webapps] Human Resource Information System 0.1 - 'First Name' Persistent Cross-Sit
 169. [webapps] Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
 170. [webapps] Voting System 1.0 - Authentication Bypass (SQLI)
 171. [dos] Sandboxie 5.49.7 - Denial of Service (PoC)
 172. [local] WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
 173. [webapps] Voting System 1.0 - Remote Code Execution (Unauthenticated)
 174. [webapps] Human Resource Information System 0.1 - Remote Code Execution (Unauthentica
 175. [local] Epic Games Rocket League 1.95 - Stack Buffer Overrun
 176. [webapps] PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
 177. [local] Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
 178. [local] Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
 179. [webapps] Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated
 180. [webapps] Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
 181. [webapps] Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
 182. [webapps] b2evolution 7-2-2 - 'cf_name' SQL Injection
 183. [webapps] StudyMD 0.3.2 - XSS to RCE
 184. [webapps] Freeter 1.2.1 - XSS to RCE
 185. [webapps] Markright 1.0 - XSS to RCE
 186. [webapps] Markdownify 1.2.0 - XSS to RCE
 187. [webapps] Anote 1.0 - XSS to RCE
 188. [webapps] Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
 189. [webapps] Markdown Explorer 0.1.1 - XSS to RCE
 190. [webapps] Xmind 2020 - XSS to RCE
 191. [webapps] Tagstoo 2.0.1 - Stored XSS to RCE
 192. [webapps] SnipCommand 0.1.0 - XSS to RCE
 193. [webapps] Moeditor 0.2.0 - XSS to RCE
 194. [webapps] Marky 0.0.1 - XSS to RCE
 195. [webapps] Internship Portal Management System 1.0 - Remote Code Execution Via File Up
 196. [webapps] GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
 197. [webapps] GitLab Community Edition (CE) 13.10.3 - User Enumeration
 198. [webapps] Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection)
 199. [webapps] Piwigo 11.3.0 - 'language' SQL
 200. [webapps] GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
 201. [remote] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)
 202. [webapps] Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
 203. [webapps] Emoji for NodeBB 3.2.1 - Arbitrary File Write
 204. [webapps] FOGProject 1.5.9 - File Upload RCE (Authenticated)
 205. [webapps] Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution
 206. [webapps] Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
 207. [webapps] Montiorr 1.7.6m - File Upload to XSS
 208. [dos] WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
 209. [webapps] Kimai 1.14 - CSV Injection
 210. [webapps] OpenPLC 3 - Remote Code Execution (Authenticated)
 211. [webapps] SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
 212. [webapps] Hasura GraphQL 1.3.3 - Remote Code Execution
 213. [webapps] Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
 214. [webapps] Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS
 215. [webapps] DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
 216. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
 217. [webapps] Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
 218. [webapps] RemoteClinic 2.0 - 'Full Name' Stored Cross-Site Scripting (XSS)
 219. [webapps] RemoteClinic 2.0 - 'Symptoms' Stored Cross-Site Scripting (XSS)
 220. [webapps] CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
 221. [webapps] OTRS 6.0.1 - Remote Command Execution (2)
 222. [webapps] Hasura GraphQL 1.3.3 - Local File Read
 223. [webapps] Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)
 224. [webapps] GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
 225. [dos] Hasura GraphQL 1.3.3 - Denial of Service
 226. [webapps] Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
 227. [webapps] Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scri
 228. [webapps] OpenEMR 5.0.2.1 - Remote Code Execution
 229. [webapps] Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scr
 230. [webapps] rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticat
 231. [remote] Tenda D151 & D301 - Configuration Download (Unauthenticated)
 232. [webapps] RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
 233. [webapps] Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
 234. [webapps] BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
 235. [webapps] WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (X
 236. [webapps] Fast PHP Chat 1.3 - 'my_item_search' SQL Injection
 237. [webapps] Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote
 238. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
 239. [dos] glFTPd 2.11a - Remote Denial of Service
 240. [webapps] htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
 241. [webapps] Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
 242. [webapps] Horde Groupware Webmail 5.2.22 - Stored XSS
 243. [local] MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
 244. [webapps] jQuery 1.2 - Cross-Site Scripting (XSS)
 245. [webapps] jQuery 1.0.3 - Cross-Site Scripting (XSS)
 246. [webapps] Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
 247. [webapps] Digital Crime Report Management System 1.0 - SQL Injection (Authentication
 248. [webapps] CITSmart ITSM 9.1.2.22 - LDAP Injection
 249. [webapps] CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authentica
 250. [webapps] ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow