Exploit-Database.net

Exploits (Total: 94451)


Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload				2019-01-18
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free				2019-01-18
Microsoft Edge Chakra - 'InitClass' Type Confusion				2019-01-18
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion				2019-01-18
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion				2019-01-18
Webmin 1.900 - Remote Command Execution (Metasploit)				2019-01-18
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings				2019-01-18
FastTube 1.0.1.0 - Denial of Service (PoC)				2019-01-18
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)				2019-01-18
7 Tik 1.0.1.0 - Denial of Service (PoC)				2019-01-18
Eco Search 1.0.2.0 - Denial of Service (PoC)				2019-01-18
One Search 1.1.0.0 - Denial of Service (PoC)				2019-01-18
Watchr 1.1.0.0 - Denial of Service (PoC)				2019-01-18
SCP Client - Multiple Vulnerabilities (SSHtranger Things)				2019-01-18
phpTransformer 2016.9 - Directory Traversal				2019-01-18
phpTransformer 2016.9 - SQL Injection				2019-01-18
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion				2019-01-18
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation				2019-01-17
Microsoft Windows CONTACT - Remote Code Execution				2019-01-17
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting				2019-01-17
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)				2019-01-16
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation				2019-01-16
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free				2019-01-16
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free				2019-01-16
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit				2019-01-16
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length				2019-01-16
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset				2019-01-16
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal				2019-01-16
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)				2019-01-16
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)				2019-01-16
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)				2019-01-16
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)				2019-01-16
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution				2019-01-16
doorGets CMS 7.0 - Arbitrary File Download				2019-01-16
Roxy Fileman 1.4.5 - Arbitrary File Download				2019-01-16
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure				2019-01-16
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)				2019-01-16
Windows Debugging 101				2019-01-15
[Portuguese] Reverse Engineering 101 using Radare2				2019-01-15
Windows Privilege Escalations				2019-01-15
An Internal Pentest Audit Against Active Directory				2019-01-15
PHP Source Code Analysis				2019-01-15
PoC \|\| GTFO 0x16				2019-01-15
PoC \|\| GTFO 0x15				2019-01-15
PoC \|\| GTFO 0x14				2019-01-15
PoC \|\| GTFO 0x13				2019-01-15
PoC \|\| GTFO 0x12				2019-01-15
PoC \|\| GTFO 0x11				2019-01-15
PoC \|\| GTFO 0x10				2019-01-15
ownDMS 4.7 - SQL Injection				2019-01-15
Microsoft Windows VCF - Remote Code Execution				2019-01-15
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)				2019-01-15
1Password < 7.0 - Denial of Service				2019-01-15
AudioCode 400HD - Command Injection				2019-01-14
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection				2019-01-14
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation				2019-01-14
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation				2019-01-14
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation				2019-01-14
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass				2019-01-14
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation				2019-01-14
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation				2019-01-14
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation				2019-01-14
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation				2019-01-14
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection				2019-01-14
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution				2019-01-14
Job Portal Platform 1.0 - SQL Injection				2019-01-14
Real Estate Custom Script 2.0 - SQL Injection				2019-01-14
ThinkPHP 5.X - Remote Command Execution				2019-01-14
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)				2019-01-14
HealthNode Hospital Management System 1.0 - SQL Injection				2019-01-14
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)				2019-01-14
Cleanto 5.0 - SQL Injection				2019-01-14
Find a Place CMS Directory 1.5 - SQL Injection				2019-01-14
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection				2019-01-14
Hootoo HT-05 - Remote Code Execution (Metasploit)				2019-01-14
xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)				2019-01-14
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection				2019-01-14
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)				2019-01-14
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection				2019-01-14
Modern POS 1.3 - SQL Injection				2019-01-14
Modern POS 1.3 - Arbitrary File Download				2019-01-14
Horde Imp - 'imap_open' Remote Command Execution				2019-01-14
i-doit CMDB 1.12 - SQL Injection				2019-01-14
i-doit CMDB 1.12 - Arbitrary File Download				2019-01-14
Across DR-810 ROM-0 - Backup File Disclosure				2019-01-14
Luminance Studio 2.17 - Denial of Service (PoC)				2019-01-11
Blob Studio 2.17 - Denial of Service (PoC)				2019-01-11
Liquid Studio 2.17 - Denial of Service (PoC)				2019-01-11
Pixel Studio 2.17 - Denial of Service (PoC)				2019-01-11
Paint Studio 2.17 - Denial of Service (PoC)				2019-01-11
Tree Studio 2.17 - Denial of Service (PoC)				2019-01-11
Selfie Studio 2.17 - Denial of Service (PoC)				2019-01-11
Windows/x86 - Download With Tftp And Execute Shellcode (51-60 bytes)(msvcrt.system)(Generator)				2019-01-11
Joomla! Component JoomCRM 1.1.1 - SQL Injection				2019-01-11
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure				2019-01-11
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)				2019-01-11
Adapt Inventory Management System 1.0 - SQL Injection				2019-01-11
OpenSource ERP 6.3.1. - SQL Injection				2019-01-10
eBrigade ERP 4.5 - SQL Injection				2019-01-10
Event Locations 1.0.1 - 'id' SQL Injection				2019-01-10
Event Calendar 3.7.4 - 'id' SQL Injection				2019-01-10
MLMPro 1.0 - SQL Injection				2019-01-10
Architectural 1.0 - 'email' SQL Injection				2019-01-10
Shield CMS 2.2 - 'email' SQL Injection				2019-01-10
doitX 1.0 - 'search' SQL Injection				2019-01-10
Matrix MLM Script 1.0 - Information Disclosure				2019-01-10
eBrigade ERP 4.5 - Arbitrary File Download				2019-01-10
PEAR Archive_Tar < 1.4.4 - PHP Object Injection				2019-01-10
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)				2019-01-10
BlogEngine 3.3 - XML External Entity Injection				2019-01-09
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork				2019-01-09
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion				2019-01-09
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)				2019-01-09
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting				2019-01-09
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)				2019-01-09
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)				2019-01-09
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)				2019-01-09
Microsoft Windows - Windows Error Reporting Local Privilege Escalation				2019-01-09
MDwiki < 0.6.2 - Cross-Site Scripting				2019-01-09
Wireshark - 'get_t61_string' Heap Out-of-Bounds Read				2019-01-08
Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection				2019-01-08
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation				2019-01-08
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation				2019-01-07
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)				2019-01-07
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection				2019-01-07
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery				2019-01-07
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)				2019-01-07
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)				2019-01-07
BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)				2019-01-07
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data				2019-01-07
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal				2019-01-07
MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection				2019-01-07
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation				2019-01-07
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting				2019-01-07
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting				2019-01-07
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting				2019-01-07
LayerBB 1.1.1 - Persistent Cross-Site Scripting				2019-01-07
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference				2019-01-07
All in One Video Downloader 1.2 - Authenticated SQL Injection				2019-01-07
Embed Video Scripts - Persistent Cross-Site Scripting				2019-01-07
Mailcleaner - Authenticated Remote Code Execution (Metasploit)				2019-01-07
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)				2019-01-02
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)				2019-01-02
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write				2019-01-02
WebKit JSC - 'AbstractValue::set' Use-After-Free				2019-01-02
Ayukov NFTP FTP Client 2.0 - Buffer Overflow				2019-01-02
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)				2019-01-02
EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)				2019-01-02
Frog CMS 0.9.5 - Cross-Site Scripting				2019-01-02
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection				2019-01-02
Vtiger CRM 7.1.0 - Remote Code Execution				2019-01-02
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)				2019-01-02
PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting Vulnerability				2018-12-27
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH) Exploit				2018-12-27
bludit Pages Editor 3.0.0 - Arbitrary File Upload Vulnerability				2018-12-27
Craft CMS 3.0.25 - Cross-Site Scripting Vulnerability				2018-12-27
MAGIX Music Editor 3.1 - Buffer Overflow (SEH) Exploit				2018-12-27
ShareAlarmPro 2.1.4 - Denial of Service Exploit				2018-12-27
NetShareWatcher 1.5.8 - Denial of Service Exploit				2018-12-27
Product Key Explorer 4.0.9 - Denial of Service Exploit				2018-12-27
WordPress Audio Record 1.0 Plugin - Arbitrary File Upload Vulnerability				2018-12-27
WordPress Baggage Freight Shipping Australia 0.1.0 Plugin - Arbitrary File Upload				2018-12-27
Iperius Backup 5.8.1 - Buffer Overflow (SEH) Exploit				2018-12-27
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)				2018-12-27
Linux/x86 - Kill All Processes Shellcode (14 bytes)				2018-12-27
Google Chrome 70 - SQLite Magellan Crash Exploit				2018-12-27
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Copy/Read Exploit				2018-12-27
FrontAccounting 2.4.5 - SubmitUser SQL Injection Vulnerability				2018-12-27
WSTMart 2.0.8 - Cross-Site Scripting Vulnerability				2018-12-27
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) Vulnerability				2018-12-27
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Vulnerability				2018-12-27
Kubernetes - (Unauthenticated) Arbitrary Requests Exploit				2018-12-27
Kubernetes - (Authenticated) Arbitrary Requests Exploit				2018-12-27
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution Exploit				2018-12-27
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read Exploit				2018-12-27
Keybase keybase-redirector - ($PATH) Local Privilege Escalation Exploit				2018-12-27
ASUS Aura Sync versions 1.07.22 Driver Privilege Escalation Exploit				2018-12-27
Juniper Secure Access SSL VPN Privilege Escalation Vulnerability				2018-12-27
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) Vulnerability				2018-12-27
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit				2018-12-27
Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service Exploit				2018-12-27
VBScript - MSXML Execution Policy Bypass Exploit				2018-12-27
VBScript - VbsErase Reference Leak Use-After-Free Exploit				2018-12-27
XMPlay 3.8.3 - .m3u Local Stack Overflow Code Execution Exploit				2018-12-27
AnyBurn 4.3 - Local Buffer Overflow (SEH) Exploit				2018-12-27
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH) Exploit				2018-12-27
Netatalk < 3.1.12 - Authentication Bypass Exploit				2018-12-27
SQLScan 1.0 - Denial of Service Exploit				2018-12-27
Erlang Port Mapper Daemon Cookie Remote Code Execution Exploit				2018-12-27
IBM Operational Decision Manager 8.x - XML External Entity Injection				2018-12-27
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure Exploit				2018-12-27
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution Exploit				2018-12-27
LanSpy 2.0.1.159 - Local Buffer Overflow Exploit				2018-12-27
Yeswiki Cercopitheque - id SQL Injection Vulnerability				2018-12-27
Bolt CMS < 3.6.2 - Cross-Site Scripting Vulnerability				2018-12-27
Integria IMS 5.0.83 - search_string Cross-Site Scripting Vulnerability				2018-12-27
Integria IMS 5.0.83 - Cross-Site Request Forgery Vulnerability				2018-12-27
Hotel Booking Script 3.4 - CSRF (Change Admin Password) Vulnerability				2018-12-27
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow Exploit				2018-12-27
Excel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service Exploit				2018-12-27
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write Exploit				2018-12-27
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit				2018-12-27
SDL Web Content Manager 8.5.0 - XML External Entity Injection Vulnerability				2018-12-27
PDF Explorer 1.5.66.2 - SEH Local Exploit				2018-12-27
GNU inetutils < 1.9.4 - (telnet.c) Multiple Overflows Exploit				2018-12-27
Windows Persistent Service Installer Exploit				2018-12-27
Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability				2018-12-27
Razer Cortex Debugger Remote Command Execution Vulnerability				2018-12-27
KARMA 6.0.0 SQL Injection Vulnerability				2018-12-27
Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal Vulnerabilities				2018-12-27
ShareAlarmPro 2.1.4 - Denial of Service (PoC)				2018-12-27
NetShareWatcher 1.5.8 - Denial of Service (PoC)				2018-12-27
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload				2018-12-27
bludit Pages Editor 3.0.0 - Arbitrary File Upload				2018-12-27
Iperius Backup 5.8.1 - Buffer Overflow (SEH)				2018-12-27
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)				2018-12-27
Product Key Explorer 4.0.9 - Denial of Service (PoC)				2018-12-27
MAGIX Music Editor 3.1 - Buffer Overflow (SEH)				2018-12-27
WordPress Plugin Audio Record 1.0 - Arbitrary File Upload				2018-12-27
Craft CMS 3.0.25 - Cross-Site Scripting				2018-12-27
Kubernetes - (Authenticated) Arbitrary Requests				2018-12-24
Kubernetes - (Unauthenticated) Arbitrary Requests				2018-12-24
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)				2018-12-24
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)				2018-12-24
Netatalk - Bypass Authentication				2018-12-24
Searching systematically for PHP disable_functions bypasses				2018-12-24
Keybase keybase-redirector - '$PATH' Local Privilege Escalation				2018-12-24
Pure In-Memory (Shell)Code Injection In Linux Userland				2018-12-24
Google Chrome 70 - SQLite Magellan Crash (PoC)				2018-12-24
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read				2018-12-24
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read				2018-12-24
Linux/x86 - Kill All Processes Shellcode (14 bytes)				2018-12-24
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)				2018-12-24
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection				2018-12-24
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)				2018-12-24
WSTMart 2.0.8 - Cross-Site Scripting				2018-12-24
Netatalk < 3.1.12 - Authentication Bypass				2018-12-21
SQLScan 1.0 - Denial of Service (PoC)				2018-12-21
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read				2018-12-21
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)				2018-12-21
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service				2018-12-21
AnyBurn 4.3 - Local Buffer Overflow (SEH)				2018-12-21
Erlang - Port Mapper Daemon Cookie RCE (Metasploit)				2018-12-20
VBScript - MSXML Execution Policy Bypass				2018-12-20
VBScript - VbsErase Reference Leak Use-After-Free				2018-12-20
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)				2018-12-20
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution				2018-12-20
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)				2018-12-20
IBM Operational Decision Manager 8.x - XML External Entity Injection				2018-12-19
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)				2018-12-19

Exploits/page:

Page: