المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : exploit database


الصفحات : [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67

  1. [webapps] Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (
  2. [webapps] Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting
  3. [webapps] Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
  4. [local] Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-F
  5. [local] Firefox 72 IonMonkey - JIT Type Confusion
  6. [webapps] Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (S
  7. [webapps] Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL I
  8. [webapps] ZeroShell 3.9.0 - Remote Command Execution
  9. [webapps] Chevereto 3.17.1 - Cross Site Scripting (Stored)
  10. [local] Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
  11. [local] Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
  12. [local] DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
  13. [local] BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
  14. [local] TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
  15. [webapps] PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
  16. [webapps] Human Resource Information System 0.1 - 'First Name' Persistent Cross-Sit
  17. [webapps] Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
  18. [webapps] Voting System 1.0 - Authentication Bypass (SQLI)
  19. [dos] Sandboxie 5.49.7 - Denial of Service (PoC)
  20. [local] WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
  21. [webapps] Voting System 1.0 - Remote Code Execution (Unauthenticated)
  22. [webapps] Human Resource Information System 0.1 - Remote Code Execution (Unauthentica
  23. [local] Epic Games Rocket League 1.95 - Stack Buffer Overrun
  24. [webapps] PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May
  25. [local] Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
  26. [local] Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
  27. [webapps] Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated
  28. [webapps] Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
  29. [webapps] Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
  30. [webapps] b2evolution 7-2-2 - 'cf_name' SQL Injection
  31. [webapps] StudyMD 0.3.2 - XSS to RCE
  32. [webapps] Freeter 1.2.1 - XSS to RCE
  33. [webapps] Markright 1.0 - XSS to RCE
  34. [webapps] Markdownify 1.2.0 - XSS to RCE
  35. [webapps] Anote 1.0 - XSS to RCE
  36. [webapps] Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
  37. [webapps] Markdown Explorer 0.1.1 - XSS to RCE
  38. [webapps] Xmind 2020 - XSS to RCE
  39. [webapps] Tagstoo 2.0.1 - Stored XSS to RCE
  40. [webapps] SnipCommand 0.1.0 - XSS to RCE
  41. [webapps] Moeditor 0.2.0 - XSS to RCE
  42. [webapps] Marky 0.0.1 - XSS to RCE
  43. [webapps] Internship Portal Management System 1.0 - Remote Code Execution Via File Up
  44. [webapps] GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
  45. [webapps] GitLab Community Edition (CE) 13.10.3 - User Enumeration
  46. [webapps] Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection)
  47. [webapps] Piwigo 11.3.0 - 'language' SQL
  48. [webapps] GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
  49. [remote] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)
  50. [webapps] Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
  51. [webapps] Emoji for NodeBB 3.2.1 - Arbitrary File Write
  52. [webapps] FOGProject 1.5.9 - File Upload RCE (Authenticated)
  53. [webapps] Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution
  54. [webapps] Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
  55. [webapps] Montiorr 1.7.6m - File Upload to XSS
  56. [dos] WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
  57. [webapps] Kimai 1.14 - CSV Injection
  58. [webapps] OpenPLC 3 - Remote Code Execution (Authenticated)
  59. [webapps] SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
  60. [webapps] Hasura GraphQL 1.3.3 - Remote Code Execution
  61. [webapps] Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
  62. [webapps] Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS
  63. [webapps] DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
  64. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
  65. [webapps] Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
  66. [webapps] RemoteClinic 2.0 - 'Full Name' Stored Cross-Site Scripting (XSS)
  67. [webapps] RemoteClinic 2.0 - 'Symptoms' Stored Cross-Site Scripting (XSS)
  68. [webapps] CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
  69. [webapps] OTRS 6.0.1 - Remote Command Execution (2)
  70. [webapps] Hasura GraphQL 1.3.3 - Local File Read
  71. [webapps] Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)
  72. [webapps] GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
  73. [dos] Hasura GraphQL 1.3.3 - Denial of Service
  74. [webapps] Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
  75. [webapps] Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scri
  76. [webapps] OpenEMR 5.0.2.1 - Remote Code Execution
  77. [webapps] Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scr
  78. [webapps] rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticat
  79. [remote] Tenda D151 & D301 - Configuration Download (Unauthenticated)
  80. [webapps] RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
  81. [webapps] Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
  82. [webapps] BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
  83. [webapps] WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (X
  84. [webapps] Fast PHP Chat 1.3 - 'my_item_search' SQL Injection
  85. [webapps] Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote
  86. [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
  87. [dos] glFTPd 2.11a - Remote Denial of Service
  88. [webapps] htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
  89. [webapps] Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
  90. [webapps] Horde Groupware Webmail 5.2.22 - Stored XSS
  91. [local] MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
  92. [webapps] jQuery 1.2 - Cross-Site Scripting (XSS)
  93. [webapps] jQuery 1.0.3 - Cross-Site Scripting (XSS)
  94. [webapps] Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
  95. [webapps] Digital Crime Report Management System 1.0 - SQL Injection (Authentication
  96. [webapps] CITSmart ITSM 9.1.2.22 - LDAP Injection
  97. [webapps] CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authentica
  98. [webapps] ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
  99. [webapps] Simple Student Information System 1.0 - SQL Injection (Authentication Bypas
  100. [webapps] Blitar Tourism 1.0 - Authentication Bypass SQLi
  101. [remote] vsftpd 2.3.4 - Backdoor Command Execution
  102. [webapps] PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
  103. [remote] Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Executio
  104. [webapps] DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
  105. [webapps] Composr 10.0.36 - Remote Code Execution
  106. [webapps] CMSimple 5.2 - 'External' Stored XSS
  107. [webapps] Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
  108. [webapps] Composr CMS 10.0.36 - Cross Site Scripting
  109. [webapps] Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
  110. [remote] Google Chrome 81.0.4044 V8 - Remote Code Execution
  111. [webapps] Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
  112. [local] Google Chrome V8 Engine 8.9.40 - Remote Code Execution
  113. [webapps] Mini Mouse 9.2.0 - Path Traversal
  114. [webapps] Mini Mouse 9.2.0 - Remote Code Execution
  115. [webapps] Simple Food Website 1.0 - Authentication Bypass
  116. [webapps] Basic Shopping Cart 1.0 - Authentication Bypass
  117. [webapps] OpenEMR 4.1.0 - 'u' SQL Injection
  118. [local] Rockstar Service - Insecure File Permissions
  119. [webapps] F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)
  120. [webapps] ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation
  121. [webapps] phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
  122. [webapps] Latrix 0.6.0 - 'txtaccesscode' SQL Injection
  123. [webapps] ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
  124. [webapps] ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
  125. [webapps] Zabbix 3.4.7 - Stored XSS
  126. [dos] DD-WRT 45723 - UPNP Buffer Overflow (PoC)
  127. [webapps] CourseMS 2.1 - 'name' Stored XSS
  128. [webapps] GetSimple CMS 3.3.16 - Reflected XSS to RCE
  129. [webapps] Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting
  130. [webapps] TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthe
  131. [webapps] Concrete5 8.5.4 - 'name' Stored XSS
  132. [webapps] Equipment Inventory System 1.0 - 'multiple' Stored XSS
  133. [webapps] Budget Management System 1.0 - 'Budget title' Stored XSS
  134. [webapps] Novel Boutique House-plus 3.5.1 - Arbitrary File Download
  135. [webapps] SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
  136. [webapps] WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticate
  137. [remote] vsftpd 3.0.3 - Remote Denial of Service
  138. [webapps] Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
  139. [webapps] GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
  140. [webapps] Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS
  141. [webapps] Ovidentia 6 - 'id' SQL injection (Authenticated)
  142. [webapps] Linksys EA7500 2.0.8.194281 - Cross-Site Scripting
  143. [webapps] Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site S
  144. [webapps] Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RC
  145. [local] Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path
  146. [webapps] Codiad 2.8.4 - Remote Code Execution (Authenticated)
  147. [local] ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path
  148. [local] Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service
  149. [webapps] Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS
  150. [local] Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path
  151. [local] ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path
  152. [webapps] MyBB 1.8.25 - Poll Vote Count SQL Injection
  153. [webapps] MyBB 1.8.25 - Chained Remote Command Execution
  154. [dos] ProFTPD 1.3.7a - Remote Denial of Service
  155. [local] OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path
  156. [remote] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password
  157. [webapps] WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Travers
  158. [local] MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path
  159. [local] Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path
  160. [local] Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path
  161. [local] Winpakpro 4.8 - 'GuardTourService' Unquoted Service Path
  162. [local] SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpda
  163. [webapps] Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
  164. [webapps] Online News Portal 1.0 - 'name' SQL Injection
  165. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthen
  166. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenti
  167. [dos] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticate
  168. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
  169. [remote] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials She
  170. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
  171. [webapps] KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authen
  172. [local] SOYAL 701 Server 9.0.1 - Insecure Permissions
  173. [local] SOYAL 701 Client 9.0.1 - Insecure Permissions
  174. [webapps] SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
  175. [webapps] SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
  176. [webapps] VestaCP 0.9.8 - 'v_sftp_licence' Command Injection
  177. [local] Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
  178. [webapps] Profiling System for Human Resource Management 1.0 - Remote Code Execution
  179. [local] BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
  180. [webapps] Boonex Dolphin 7.4.2 - 'width' Stored XSS
  181. [webapps] LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
  182. [webapps] Plone CMS 5.2.3 - 'Title' Stored XSS
  183. [webapps] Hestia Control Panel 1.3.2 - Arbitrary File Write
  184. [webapps] SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
  185. [webapps] rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution*(Authenticat
  186. [remote] Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
  187. [local] VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
  188. [webapps] VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
  189. [local] FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buf
  190. [webapps] VestaCP 0.9.8 - File Upload CSRF
  191. [webapps] WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection
  192. [local] GeoGebra CAS Calculato?r? 6.0.631.0 - Denial of Service (PoC)
  193. [local] GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)
  194. [local] GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
  195. [local] GeoGebra Graphing Calculato?r? 6.0.631.0 - Denial Of Service (PoC)
  196. [webapps] Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (Fil
  197. [webapps] SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
  198. [webapps] Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure
  199. [local] QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path
  200. [local] Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path
  201. [local] eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path
  202. [local] Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path
  203. [webapps] openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
  204. [webapps] MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
  205. [webapps] rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
  206. [webapps] Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
  207. [webapps] Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
  208. [local] Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths
  209. [webapps] Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
  210. [webapps] Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
  211. [dos] Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC
  212. [webapps] MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
  213. [webapps] NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation
  214. [webapps] Atlassian JIRA 8.11.1 - User Enumeration
  215. [remote] Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)
  216. [local] FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path
  217. [local] Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path
  218. [local] bVPN 2.5.1 - 'waselvpnserv' Unquoted Service Path
  219. [webapps] GLPI 9.5.3 - 'fromtype' Unsafe Reflection
  220. [local] Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path
  221. [local] Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path
  222. [webapps] Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthentica
  223. [local] Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path
  224. [webapps] Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)
  225. [webapps] Fluig 1.7.0 - Path Traversal
  226. [remote] CatDV 9.2 - RMI Authentication Bypass
  227. [webapps] Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
  228. [webapps] Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)
  229. [webapps] Textpattern 4.8.3 - Remote code execution (Authenticated) (2)
  230. [webapps] Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS)
  231. [webapps] Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)
  232. [webapps] Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution
  233. [webapps] e107 CMS 2.3.0 - CSRF
  234. [remote] AnyDesk 5.5.2 - Remote Code Execution
  235. [webapps] Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persis
  236. [webapps] Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error
  237. [webapps] Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
  238. [webapps] Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scri
  239. [webapps] Tiny Tiny RSS - Remote Code Execution
  240. [webapps] Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting
  241. [webapps] VMware vCenter Server 7.0 - Unauthenticated File Upload
  242. [webapps] Online Catering Reservation System 1.0 - Remote Code Execution (Unauthentic
  243. [webapps] Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticate
  244. [webapps] FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
  245. [remote] WiFi Mouse 1.7.8.5 - Remote Code Execution
  246. [remote] Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)
  247. [webapps] LightCMS 1.3.4 - 'exclusive' Stored XSS
  248. [webapps] Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
  249. [webapps] Triconsole 3.75 - Reflected XSS
  250. [webapps] Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Sc