Exploit-Database.net

Exploits (Total: 96660)


FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)				2020-01-31
Lotus Core CMS 1.0.1 - Local File Inclusion				2020-01-31
OpenSMTPD 6.6.2 - Remote Code Execution				2020-01-30
rConfig 3.9.3 - Authenticated Remote Code Execution				2020-01-30
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)				2020-01-30
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting				2020-01-29
Centreon 19.10.5 - 'centreontrapd' Remote Command Execution				2020-01-29
Centreon 19.10.5 - 'Pollers' Remote Command Execution				2020-01-29
Satellian 1.12 - Remote Code Execution				2020-01-29
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing				2020-01-29
XMLBlueprint 16.191112 - XML External Entity Injection				2020-01-29
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)				2020-01-29
Liferay CE Portal 6.0.2 - Remote Command Execution				2020-01-29
Kibana 6.6.1 - CSV Injection				2020-01-29
macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image				2020-01-28
Centreon 19.10.5 - Remote Command Execution				2020-01-28
Centreon 19.10.5 - Database Credentials Disclosure				2020-01-28
Octeth Oempro 4.8 - 'CampaignID' SQL Injection				2020-01-28
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)				2020-01-28
Torrent 3GP Converter 1.51 - Stack Overflow (SEH)				2020-01-27
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)				2020-01-24
Ricoh Printer Drivers - Local Privilege Escalation				2020-01-24
Genexis Platinum-4410 2.1 - Authentication Bypass				2020-01-24
OLK Web Store 2020 - Cross-Site Request Forgery				2020-01-24
Webtareas 2.0 - 'id' SQL Injection				2020-01-24
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot				2020-01-24
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)				2020-01-23
Pachev FTP Server 1.0 - Path Traversal				2020-01-23
BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)				2020-01-23
qdPM 9.1 - Remote Code Execution				2020-01-23
Windows/7 - Screen Lock Shellcode (9 bytes)				2020-01-22
KeePass 2.44 - Denial of Service (PoC)				2020-01-22
Citrix XenMobile Server 10.8 - XML External Entity Injection				2020-01-22
NEOWISE CARBONFTP 1.4 - Weak Password Encryption				2020-01-21
ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection				2020-01-21
Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)				2020-01-20
Sysax Multi Server 5.50 - Denial of Service (PoC)				2020-01-20
Adive Framework 2.0.8 - Persistent Cross-Site Scripting				2020-01-20
Easy XML Editor 1.7.8 - XML External Entity Injection				2020-01-20
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)				2020-01-17
Trend Micro Maximum Security 2019 - Privilege Escalation				2020-01-17
GTalk Password Finder 2.2.1 - 'Key' Denial of Service (PoC)				2020-01-17
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass				2020-01-17
Trend Micro Maximum Security 2019 - Arbitrary Code Execution				2020-01-17
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass				2020-01-17
Torrent FLV Converter 1.51 Build 117 - Stack Oveflow (SEH partial overwrite)				2020-01-17
APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service (PoC)				2020-01-17
Sagemcom [email protected] 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution				2020-01-16
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)				2020-01-16
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection				2020-01-16
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate				2020-01-16
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation				2020-01-16
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection				2020-01-16
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal				2020-01-16
Tautulli 2.1.9 - Denial of Service ( Metasploit )				2020-01-16
Online Book Store 1.0 - Arbitrary File Upload				2020-01-16
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting				2020-01-16
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection				2020-01-16
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting				2020-01-16
Barco WePresent - file_transfer.cgi Command Injection (Metasploit)				2020-01-15
Huawei HG255 - Directory Traversal ( Metasploit )				2020-01-15
Online Book Store 1.0 - 'bookisbn' SQL Injection				2020-01-15
Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN				2020-01-14
WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM				2020-01-14
Redir 3.3 - Denial of Service (PoC)				2020-01-14
IBM RICOH 6400 Printer - HTML Injection				2020-01-14
IBM RICOH InfoPrint 6500 Printer - HTML Injection				2020-01-14
VPN unlimited 6.1 - Unquoted Service Path				2020-01-14
Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)				2020-01-13
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting				2020-01-13
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)				2020-01-13
Top Password Firefox Password Recovery 2.8 - Denial of Service (PoC)				2020-01-13
TaskCanvas 1.4.0 - 'Registration' Denial Of Service				2020-01-13
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)				2020-01-13
Backup Key Recovery 2.2.5 - 'Name' Denial of Service (PoC)				2020-01-13
Allok Video Converter 4.6.1217 - Stack Overflow (SEH)				2020-01-13
Top Password Software Dialup Password Recovery 1.30 - Denial of Service (PoC)				2020-01-13
SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC)				2020-01-13
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions				2020-01-13
SpotDialup 1.6.7 - 'Name' Denial of Service (PoC)				2020-01-13
Chevereto 3.13.4 Core - Remote Code Execution				2020-01-13
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution				2020-01-11
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)				2020-01-11
ASTPP 4.0.1 VoIP Billing - Database Backup Download				2020-01-10
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution				2020-01-10
Pandora 7.0NG - Remote Code Execution				2020-01-10
TotalAV 2020 4.14.31 - Privilege Escalation				2020-01-10
MSN Password Recovery 1.30 - XML External Entity Injection				2020-01-09
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution				2020-01-09
ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC)				2020-01-09
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)				2020-01-08
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape				2020-01-08
JetBrains TeamCity 2018.2.4 - Remote Code Execution				2020-01-08
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)				2020-01-08
ASTPP VoIP 4.0.1 - Remote Code Execution				2020-01-08
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow				2020-01-08
Online Book Store 1.0 - Unauthenticated Remote Code Execution				2020-01-08
Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting				2020-01-08
Cisco DCNM JBoss 10.4 - Credential Leakage				2020-01-08
Complaint Management System 4.0 - Remote Code Execution				2020-01-07
AnyDesk 5.4.0 - Unquoted Service Path				2020-01-07
piSignage 2.6.4 - Directory Traversal				2020-01-07
Job Portal 1.0 - Remote Code Execution				2020-01-07
Windows - Shell COM Server Registrar Local Privilege Escalation				2020-01-06
Django < 3.0 < 2.2 < 1.11 - Account Hijack				2020-01-06
Microsoft Outlook VCF cards - Denial of Service (PoC)				2020-01-06
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)				2020-01-06
Codoforum 4.8.3 - Persistent Cross-Site Scripting				2020-01-06
Voyager 1.3.0 - Directory Traversal				2020-01-06
Small CRM 2.0 - Authentication Bypass				2020-01-06
Duplicate Cleaner Pro 4 - Denial of Service (PoC)				2020-01-06
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)				2020-01-06
SpotIM 2.2 - 'Name' Denial Of Service				2020-01-06
SpotMSN 2.4.6 - 'Name' Denial of Service (PoC)				2020-01-06
SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC)				2020-01-06
Office Product Key Finder 1.5.4 - Denial of Service (PoC)				2020-01-06
NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC)				2020-01-06
RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC)				2020-01-06
Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC)				2020-01-06
RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC)				2020-01-06
TextCrawler Pro3.1.1 - Denial of Service (PoC)				2020-01-06
Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)				2020-01-06
NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC)				2020-01-06
ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC)				2020-01-06
elaniin CMS 1.0 - Authentication Bypass				2020-01-06
BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC)				2020-01-06
Dnss Domain Name Search Software - 'Key' Denial of Service (PoC)				2020-01-06
SpotIE 2.9.5 - 'Key' Denial of Service (PoC)				2020-01-06
Hostel Management System 2.0 - 'id' SQL Injection				2020-01-06
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)				2020-01-06
Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path				2020-01-06
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)				2020-01-06
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting				2020-01-06
NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service				2020-01-06
Complaint Management System 4.0 - 'cid' SQL injection				2020-01-06
Dairy Farm Shop Management System 1.0 - 'username' SQL Injection				2020-01-06
Plantronics Hub 3.13.2 - Local Privilege Escalation				2020-01-03
Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection				2020-01-03
Online Course Registration 2.0 - Remote Code Execution				2020-01-03
BloodX 1.0 - Authentication Bypass				2020-01-02
Hospital Management System 4.0 - Persistent Cross-Site Scripting				2020-01-02
Hospital Management System 4.0 - 'searchdata' SQL Injection				2020-01-02
MSN Password Recovery 1.30 - Denial of Service (PoC)				2020-01-02
Microsoft Windows .Group File - Code Execution				2020-01-01
nostromo 1.9.6 - Remote Code Execution				2020-01-01
Hospital Management System 4.0 - Authentication Bypass				2020-01-01
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal				2020-01-01
Shopping Portal ProVersion 3.0 - Authentication Bypass				2020-01-01
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass				2019-12-31
NextVPN v4.10 - Insecure File Permissions				2019-12-31
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation				2019-12-30
FreeBSD-SA-19:02.fd - Privilege Escalation				2019-12-30
Heatmiser Netmonitor 3.03 - HTML Injection				2019-12-30
RICOH Web Image Monitor 1.09 - HTML Injection				2019-12-30
RICOH SP 4510SF Printer - HTML Injection				2019-12-30
Domain Quester Pro 6.02 - Stack Overflow (SEH)				2019-12-30
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure				2019-12-30
Heatmiser Netmonitor 3.03 - Hardcoded Credentials				2019-12-30
AVE DOMINAplus 1.10.x - Authentication Bypass				2019-12-30
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)				2019-12-30
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot				2019-12-30
AVE DOMINAplus 1.10.x - Credential Disclosure				2019-12-30
Wing FTP Server 6.0.7 - Unquoted Service Path				2019-12-30
WEMS BEMS 21.3.1 - Undocumented Backdoor Account				2019-12-30
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)				2019-12-30
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)				2019-12-30
Thrive Smart Home 1.1 - Authentication Bypass				2019-12-30
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)				2019-12-30
FTP Navigator 8.03 - Stack Overflow (SEH)				2019-12-30
elearning-script 1.0 - Authentication Bypass				2019-12-30
AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)				2019-12-30
HomeAutomation 3.3.2 - Remote Code Execution				2019-12-30
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)				2019-12-30
HomeAutomation 3.3.2 - Authentication Bypass				2019-12-30
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting				2019-12-30
Microsoft UPnP - Local Privilege Elevation (Metasploit)				2019-12-30
Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)				2019-12-30
OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)				2019-12-30
Prime95 Version 29.8 build 6 - Buffer Overflow (SEH)				2019-12-24
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service				2019-12-21
FreeSWITCH 1.10.1 - Command Execution				2019-12-21
phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting				2019-12-21
Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)				2019-12-21
Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation				2019-12-19
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)				2019-12-19
Telerik UI - Remote Code Execution via Insecure Deserialization				2019-12-18
OpenMRS - Java Deserialization RCE (Metasploit)				2019-12-18
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()				2019-12-18
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting				2019-12-18
AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow				2019-12-18
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)				2019-12-18
XnView 2.49.1 - 'Research' Denial of Service (PoC)				2019-12-18
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)				2019-12-18
Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)				2019-12-17
NopCommerce 4.2.0 - Privilege Escalation				2019-12-17
Netgear R6400 - Remote Code Execution				2019-12-17
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting				2019-12-17
Roxy Fileman 1.4.5 - Directory Traversal				2019-12-17
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting				2019-12-17
OpenBSD 6.x - Dynamic Loader Privilege Escalation				2019-12-16
Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds				2019-12-16
D-Link DIR-615 - Privilege Escalation				2019-12-16
FTP Commander Pro 8.03 - Local Stack Overflow				2019-12-13
NVMS 1000 - Directory Traversal				2019-12-13
Bullwark Momentum Series JAWS 1.0 - Directory Traversal				2019-12-12
OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)				2019-12-12
Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)				2019-12-12
Apache Olingo OData 4.0 - XML External Entity Injection				2019-12-11
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font				2019-12-11
AppXSvc 17763 - Arbitrary File Overwrite (DoS)				2019-12-11
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)				2019-12-11
Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC)				2019-12-11
Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution				2019-12-10
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery				2019-12-10
Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials				2019-12-10
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting				2019-12-09
Alcatel-Lucent Omnivista 8770 - Remote Code Execution				2019-12-09
Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution				2019-12-09
SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)				2019-12-09
PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass				2019-12-09
Omron PLC 1.0.0 - Denial of Service (PoC)				2019-12-09
Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting				2019-12-09
Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)				2019-12-09
Microsoft Windows - 'WSReset' UAC Protection Bypass (Registry)				2019-12-09
Microsoft Windows - Multiple UAC Protection Bypasses				2019-12-09
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack				2019-12-09
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite				2019-12-06
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow				2019-12-06
Verot 2.0.3 - Remote Code Execution				2019-12-06
Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution				2019-12-05
Amiti Antivirus 25.0.640 - Unquoted Service Path				2019-12-05
NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path				2019-12-05
OwnCloud 8.1.8 - Username Disclosure				2019-12-04
Cisco WLC 2504 8.9 - Denial of Service (PoC)				2019-12-04
Microsoft Visual Basic 2010 Express - XML External Entity Injection				2019-12-04
SSDWLAB 6.1 - Authentication Bypass				2019-12-04
Online Clinic Management System 2.2 - HTML Injection				2019-12-04
Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass				2019-12-03
Revive Adserver 4.2 - Remote Code Execution				2019-12-03
Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery				2019-12-03
Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting				2019-12-03
Xinet Elegant 6 Asset Library Web Interface 6.1.655 - 'username' SQL Injection				2019-12-02
Microsoft Excel 2016 1901 - XML External Entity Injection				2019-12-02
Anviz CrossChex 4.3.12 - Local Buffer Overflow				2019-12-02
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions				2019-12-02
Nsauditor 3.1.8.0 - 'Key' Denial of Service (PoC)				2019-12-02
Dokuwiki 2018-04-22b - Username Enumeration				2019-12-02
SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery				2019-12-02
Visual Studio 2008 - XML External Entity Injection				2019-12-02
Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)				2019-12-02

Exploits/page:

Page: