Exploit-Database.net

Exploits (Total: 96647)


Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection				2019-01-14
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation				2019-01-14
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation				2019-01-14
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation				2019-01-14
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass				2019-01-14
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation				2019-01-14
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation				2019-01-14
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation				2019-01-14
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation				2019-01-14
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection				2019-01-14
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution				2019-01-14
Job Portal Platform 1.0 - SQL Injection				2019-01-14
Real Estate Custom Script 2.0 - SQL Injection				2019-01-14
ThinkPHP 5.X - Remote Command Execution				2019-01-14
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)				2019-01-14
HealthNode Hospital Management System 1.0 - SQL Injection				2019-01-14
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)				2019-01-14
Cleanto 5.0 - SQL Injection				2019-01-14
Find a Place CMS Directory 1.5 - SQL Injection				2019-01-14
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection				2019-01-14
Hootoo HT-05 - Remote Code Execution (Metasploit)				2019-01-14
xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)				2019-01-14
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection				2019-01-14
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)				2019-01-14
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection				2019-01-14
Modern POS 1.3 - SQL Injection				2019-01-14
Modern POS 1.3 - Arbitrary File Download				2019-01-14
Horde Imp - 'imap_open' Remote Command Execution				2019-01-14
i-doit CMDB 1.12 - SQL Injection				2019-01-14
i-doit CMDB 1.12 - Arbitrary File Download				2019-01-14
Across DR-810 ROM-0 - Backup File Disclosure				2019-01-14
Luminance Studio 2.17 - Denial of Service (PoC)				2019-01-11
Blob Studio 2.17 - Denial of Service (PoC)				2019-01-11
Liquid Studio 2.17 - Denial of Service (PoC)				2019-01-11
Pixel Studio 2.17 - Denial of Service (PoC)				2019-01-11
Paint Studio 2.17 - Denial of Service (PoC)				2019-01-11
Tree Studio 2.17 - Denial of Service (PoC)				2019-01-11
Selfie Studio 2.17 - Denial of Service (PoC)				2019-01-11
Windows/x86 - Download With Tftp And Execute Shellcode (51-60 bytes)(msvcrt.system)(Generator)				2019-01-11
Joomla! Component JoomCRM 1.1.1 - SQL Injection				2019-01-11
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure				2019-01-11
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)				2019-01-11
Adapt Inventory Management System 1.0 - SQL Injection				2019-01-11
OpenSource ERP 6.3.1. - SQL Injection				2019-01-10
eBrigade ERP 4.5 - SQL Injection				2019-01-10
Event Locations 1.0.1 - 'id' SQL Injection				2019-01-10
Event Calendar 3.7.4 - 'id' SQL Injection				2019-01-10
MLMPro 1.0 - SQL Injection				2019-01-10
Architectural 1.0 - 'email' SQL Injection				2019-01-10
Shield CMS 2.2 - 'email' SQL Injection				2019-01-10
doitX 1.0 - 'search' SQL Injection				2019-01-10
Matrix MLM Script 1.0 - Information Disclosure				2019-01-10
eBrigade ERP 4.5 - Arbitrary File Download				2019-01-10
PEAR Archive_Tar < 1.4.4 - PHP Object Injection				2019-01-10
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)				2019-01-10
BlogEngine 3.3 - XML External Entity Injection				2019-01-09
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork				2019-01-09
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion				2019-01-09
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)				2019-01-09
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting				2019-01-09
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)				2019-01-09
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)				2019-01-09
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)				2019-01-09
Microsoft Windows - Windows Error Reporting Local Privilege Escalation				2019-01-09
MDwiki < 0.6.2 - Cross-Site Scripting				2019-01-09
Wireshark - 'get_t61_string' Heap Out-of-Bounds Read				2019-01-08
Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection				2019-01-08
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation				2019-01-08
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation				2019-01-07
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)				2019-01-07
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection				2019-01-07
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery				2019-01-07
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)				2019-01-07
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)				2019-01-07
BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)				2019-01-07
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data				2019-01-07
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal				2019-01-07
MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection				2019-01-07
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation				2019-01-07
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting				2019-01-07
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting				2019-01-07
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting				2019-01-07
LayerBB 1.1.1 - Persistent Cross-Site Scripting				2019-01-07
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference				2019-01-07
All in One Video Downloader 1.2 - Authenticated SQL Injection				2019-01-07
Embed Video Scripts - Persistent Cross-Site Scripting				2019-01-07
Mailcleaner - Authenticated Remote Code Execution (Metasploit)				2019-01-07
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)				2019-01-02
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)				2019-01-02
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write				2019-01-02
WebKit JSC - 'AbstractValue::set' Use-After-Free				2019-01-02
Ayukov NFTP FTP Client 2.0 - Buffer Overflow				2019-01-02
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)				2019-01-02
EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)				2019-01-02
Frog CMS 0.9.5 - Cross-Site Scripting				2019-01-02
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection				2019-01-02
Vtiger CRM 7.1.0 - Remote Code Execution				2019-01-02
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)				2019-01-02
PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting Vulnerability				2018-12-27
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH) Exploit				2018-12-27
bludit Pages Editor 3.0.0 - Arbitrary File Upload Vulnerability				2018-12-27
Craft CMS 3.0.25 - Cross-Site Scripting Vulnerability				2018-12-27
MAGIX Music Editor 3.1 - Buffer Overflow (SEH) Exploit				2018-12-27
ShareAlarmPro 2.1.4 - Denial of Service Exploit				2018-12-27
NetShareWatcher 1.5.8 - Denial of Service Exploit				2018-12-27
Product Key Explorer 4.0.9 - Denial of Service Exploit				2018-12-27
WordPress Audio Record 1.0 Plugin - Arbitrary File Upload Vulnerability				2018-12-27
WordPress Baggage Freight Shipping Australia 0.1.0 Plugin - Arbitrary File Upload				2018-12-27
Iperius Backup 5.8.1 - Buffer Overflow (SEH) Exploit				2018-12-27
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)				2018-12-27
Linux/x86 - Kill All Processes Shellcode (14 bytes)				2018-12-27
Google Chrome 70 - SQLite Magellan Crash Exploit				2018-12-27
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Copy/Read Exploit				2018-12-27
FrontAccounting 2.4.5 - SubmitUser SQL Injection Vulnerability				2018-12-27
WSTMart 2.0.8 - Cross-Site Scripting Vulnerability				2018-12-27
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) Vulnerability				2018-12-27
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Vulnerability				2018-12-27
Kubernetes - (Unauthenticated) Arbitrary Requests Exploit				2018-12-27
Kubernetes - (Authenticated) Arbitrary Requests Exploit				2018-12-27
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution Exploit				2018-12-27
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read Exploit				2018-12-27
Keybase keybase-redirector - ($PATH) Local Privilege Escalation Exploit				2018-12-27
ASUS Aura Sync versions 1.07.22 Driver Privilege Escalation Exploit				2018-12-27
Juniper Secure Access SSL VPN Privilege Escalation Vulnerability				2018-12-27
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) Vulnerability				2018-12-27
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit				2018-12-27
Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service Exploit				2018-12-27
VBScript - MSXML Execution Policy Bypass Exploit				2018-12-27
VBScript - VbsErase Reference Leak Use-After-Free Exploit				2018-12-27
XMPlay 3.8.3 - .m3u Local Stack Overflow Code Execution Exploit				2018-12-27
AnyBurn 4.3 - Local Buffer Overflow (SEH) Exploit				2018-12-27
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH) Exploit				2018-12-27
Netatalk < 3.1.12 - Authentication Bypass Exploit				2018-12-27
SQLScan 1.0 - Denial of Service Exploit				2018-12-27
Erlang Port Mapper Daemon Cookie Remote Code Execution Exploit				2018-12-27
IBM Operational Decision Manager 8.x - XML External Entity Injection				2018-12-27
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure Exploit				2018-12-27
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution Exploit				2018-12-27
LanSpy 2.0.1.159 - Local Buffer Overflow Exploit				2018-12-27
Yeswiki Cercopitheque - id SQL Injection Vulnerability				2018-12-27
Bolt CMS < 3.6.2 - Cross-Site Scripting Vulnerability				2018-12-27
Integria IMS 5.0.83 - search_string Cross-Site Scripting Vulnerability				2018-12-27
Integria IMS 5.0.83 - Cross-Site Request Forgery Vulnerability				2018-12-27
Hotel Booking Script 3.4 - CSRF (Change Admin Password) Vulnerability				2018-12-27
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow Exploit				2018-12-27
Excel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service Exploit				2018-12-27
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write Exploit				2018-12-27
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit				2018-12-27
SDL Web Content Manager 8.5.0 - XML External Entity Injection Vulnerability				2018-12-27
PDF Explorer 1.5.66.2 - SEH Local Exploit				2018-12-27
GNU inetutils < 1.9.4 - (telnet.c) Multiple Overflows Exploit				2018-12-27
Windows Persistent Service Installer Exploit				2018-12-27
Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability				2018-12-27
Razer Cortex Debugger Remote Command Execution Vulnerability				2018-12-27
KARMA 6.0.0 SQL Injection Vulnerability				2018-12-27
Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal Vulnerabilities				2018-12-27
ShareAlarmPro 2.1.4 - Denial of Service (PoC)				2018-12-27
NetShareWatcher 1.5.8 - Denial of Service (PoC)				2018-12-27
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload				2018-12-27
bludit Pages Editor 3.0.0 - Arbitrary File Upload				2018-12-27
Iperius Backup 5.8.1 - Buffer Overflow (SEH)				2018-12-27
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)				2018-12-27
Product Key Explorer 4.0.9 - Denial of Service (PoC)				2018-12-27
MAGIX Music Editor 3.1 - Buffer Overflow (SEH)				2018-12-27
WordPress Plugin Audio Record 1.0 - Arbitrary File Upload				2018-12-27
Craft CMS 3.0.25 - Cross-Site Scripting				2018-12-27
Kubernetes - (Authenticated) Arbitrary Requests				2018-12-24
Kubernetes - (Unauthenticated) Arbitrary Requests				2018-12-24
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)				2018-12-24
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)				2018-12-24
Netatalk - Bypass Authentication				2018-12-24
Searching systematically for PHP disable_functions bypasses				2018-12-24
Keybase keybase-redirector - '$PATH' Local Privilege Escalation				2018-12-24
Pure In-Memory (Shell)Code Injection In Linux Userland				2018-12-24
Google Chrome 70 - SQLite Magellan Crash (PoC)				2018-12-24
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read				2018-12-24
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read				2018-12-24
Linux/x86 - Kill All Processes Shellcode (14 bytes)				2018-12-24
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)				2018-12-24
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection				2018-12-24
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)				2018-12-24
WSTMart 2.0.8 - Cross-Site Scripting				2018-12-24
Netatalk < 3.1.12 - Authentication Bypass				2018-12-21
SQLScan 1.0 - Denial of Service (PoC)				2018-12-21
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read				2018-12-21
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)				2018-12-21
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service				2018-12-21
AnyBurn 4.3 - Local Buffer Overflow (SEH)				2018-12-21
Erlang - Port Mapper Daemon Cookie RCE (Metasploit)				2018-12-20
VBScript - MSXML Execution Policy Bypass				2018-12-20
VBScript - VbsErase Reference Leak Use-After-Free				2018-12-20
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)				2018-12-20
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution				2018-12-20
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)				2018-12-20
IBM Operational Decision Manager 8.x - XML External Entity Injection				2018-12-19
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)				2018-12-19
Yeswiki Cercopitheque - 'id' SQL Injection				2018-12-19
Bolt CMS < 3.6.2 - Cross-Site Scripting				2018-12-19
Integria IMS 5.0.83 - Cross-Site Request Forgery				2018-12-19
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting				2018-12-19
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)				2018-12-19
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)				2018-12-19
LanSpy 2.0.1.159 - Local Buffer Overflow				2018-12-19
PassFab RAR 9.3.2 - Buffer Overflow (SEH)				2018-12-19
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)				2018-12-19
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure				2018-12-19
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow				2018-12-18
MegaPing - Local Buffer Overflow Denial of Service				2018-12-18
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service				2018-12-18
AnyBurn 4.3 - Local Buffer Overflow Denial of Service				2018-12-18
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write				2018-12-18
SDL Web Content Manager 8.5.0 - XML External Entity Injection				2018-12-18
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method				2018-12-18
PassFab RAR Password Recovery SEH Local Exploit				2018-12-18
Mikrotik RouterOS Telnet Arbitrary Root File Creation Vulnerability				2018-12-18
MegaPing Denial of Service Exploit				2018-12-18
Excel Password Recovery Professional Denial of Service Exploit				2018-12-18
AnyBurn Local Buffer Overflow Exploit				2018-12-18
Nsauditor Local SEH Buffer Overflow Exploit				2018-12-18
Safari - Proxy Object Type Confusion Exploit				2018-12-18
Cisco RV110W - Password Disclosure / Command Execution Exploit				2018-12-18
Huawei Router HG532e - Command Execution Exploit				2018-12-18
Double Your Bitcoin Script Automatic - Authentication Bypass Vulnerability				2018-12-18
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution				2018-12-18
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Vulnerability				2018-12-18
Facebook And Google Reviews System For Businesses - CSRF (Change Admin Password)				2018-12-18
Angry IP Scanner 3.5.3 - Denial of Service Exploit				2018-12-18
UltraISO 9.7.1.3519 - Output FileName Denial of Service				2018-12-18
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow Exploit				2018-12-18
Responsive FileManager 9.13.4 - Multiple Vulnerabilities				2018-12-18
GNU inetutils < 1.9.4 - 'telnet.c' Multiple Overflows (PoC)				2018-12-17
Safari - Proxy Object Type Confusion (Metasploit)				2018-12-16
Double Your Bitcoin Script Automatic - Authentication Bypass				2018-12-16
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)				2018-12-16
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution				2018-12-16
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection				2018-12-16
Angry IP Scanner 3.5.3 - Denial of Service (PoC)				2018-12-16
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)				2018-12-16
Huawei Router HG532e - Command Execution				2018-12-16
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)				2018-12-16
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure				2018-12-16
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)				2018-12-16
Responsive FileManager 9.13.4 - Multiple Vulnerabilities				2018-12-16
Cisco RV110W - Password Disclosure / Command Execution				2018-12-16
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)				2018-12-16
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains				2018-12-16
Linux - 'userfaultfd' Bypasses tmpfs File Permissions				2018-12-16
Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)				2018-12-16
Adobe ColdFusion 2018 - Arbitrary File Upload				2018-12-16
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution				2018-12-16

Exploits/page:

Page: