The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
[webapps] SpamTitan 7.07 – Remote Code Execution (Authenticated)
18 September 2020, 12:00 amSpamTitan 7.07 – Remote Code Execution (Authenticated)
[webapps] Mantis Bug Tracker 2.3.0 – Remote Code Execution (Unauthenticated)
18 September 2020, 12:00 amMantis Bug Tracker 2.3.0 – Remote Code Execution (Unauthenticated)
[remote] Microsoft SQL Server Reporting Services 2016 – Remote Code Execution
17 September 2020, 12:00 amMicrosoft SQL Server Reporting Services 2016 – Remote Code Execution
[webapps] Piwigo 2.10.1 – Cross Site Scripting
16 September 2020, 12:00 amPiwigo 2.10.1 – Cross Site Scripting
[local] Windows TCPIP Finger Command – C2 Channel and Bypassing Security Software
16 September 2020, 12:00 amWindows TCPIP Finger Command – C2 Channel and Bypassing Security Software
[webapps] ThinkAdmin 6 – Arbitrarily File Read
15 September 2020, 12:00 amThinkAdmin 6 – Arbitrarily File Read
[webapps] Tailor MS 1.0 – Reflected Cross-Site Scripting
15 September 2020, 12:00 amTailor MS 1.0 – Reflected Cross-Site Scripting
[webapps] RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting
14 September 2020, 12:00 amRAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting
[local] Rapid7 Nexpose Installer 6.6.39 – 'nexposeengine' Unquoted Service Path
14 September 2020, 12:00 amRapid7 Nexpose Installer 6.6.39 – ‘nexposeengine’ Unquoted Service Path
[webapps] RAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot)
14 September 2020, 12:00 amRAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot)
[local] Pearson Vue VTS 2.3.1911 Installer – 'VUEApplicationWrapper' Unquoted Service Path
14 September 2020, 12:00 amPearson Vue VTS 2.3.1911 Installer – ‘VUEApplicationWrapper’ Unquoted Service Path
[webapps] Joomla! paGO Commerce 2.5.9.0 – SQL Injection (Authenticated)
14 September 2020, 12:00 amJoomla! paGO Commerce 2.5.9.0 – SQL Injection (Authenticated)
[local] Internet Explorer 11 – Use-After-Free
11 September 2020, 12:00 amInternet Explorer 11 – Use-After-Free
[webapps] Tea LaTex 1.0 – Remote Code Execution (Unauthenticated)
11 September 2020, 12:00 amTea LaTex 1.0 – Remote Code Execution (Unauthenticated)
[webapps] VTENEXT 19 CE – Remote Code Execution
11 September 2020, 12:00 amVTENEXT 19 CE – Remote Code Execution
[local] Gnome Fonts Viewer 3.34.0 – Heap Corruption
11 September 2020, 12:00 amGnome Fonts Viewer 3.34.0 – Heap Corruption
[webapps] Tiandy IPC and NVR 9.12.7 – Credential Disclosure
10 September 2020, 12:00 amTiandy IPC and NVR 9.12.7 – Credential Disclosure
[webapps] CuteNews 2.1.2 – Remote Code Execution
10 September 2020, 12:00 amCuteNews 2.1.2 – Remote Code Execution
[webapps] ZTE Router F602W – Captcha Bypass
10 September 2020, 12:00 amZTE Router F602W – Captcha Bypass
[local] Input Director 1.4.3 – 'Input Director' Unquoted Service Path
9 September 2020, 12:00 amInput Director 1.4.3 – ‘Input Director’ Unquoted Service Path
[local] Audio Playback Recorder 3.2.2 – Local Buffer Overflow (SEH)
9 September 2020, 12:00 amAudio Playback Recorder 3.2.2 – Local Buffer Overflow (SEH)
[webapps] Tailor Management System – 'id' SQL Injection
9 September 2020, 12:00 amTailor Management System – ‘id’ SQL Injection
[webapps] Scopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password)
9 September 2020, 12:00 amScopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password)
[local] ShareMouse 5.0.43 – 'ShareMouse Service' Unquoted Service Path
8 September 2020, 12:00 amShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path
[webapps] ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)
7 September 2020, 12:00 amManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)
[webapps] Cabot 0.11.12 – Persistent Cross-Site Scripting
7 September 2020, 12:00 amCabot 0.11.12 – Persistent Cross-Site Scripting
[webapps] grocy 2.7.1 – Persistent Cross-Site Scripting
7 September 2020, 12:00 amgrocy 2.7.1 – Persistent Cross-Site Scripting
[local] Nord VPN-6.31.13.0 – 'nordvpn-service' Unquoted Service Path
4 September 2020, 12:00 amNord VPN-6.31.13.0 – ‘nordvpn-service’ Unquoted Service Path
[local] BarracudaDrive v6.5 – Insecure Folder Permissions
3 September 2020, 12:00 amBarracudaDrive v6.5 – Insecure Folder Permissions
[webapps] Savsoft Quiz Enterprise Version 5.5 – Persistent Cross-Site Scripting
3 September 2020, 12:00 amSavsoft Quiz Enterprise Version 5.5 – Persistent Cross-Site Scripting
[webapps] BloodX CMS 1.0 – Authentication Bypass
3 September 2020, 12:00 amBloodX CMS 1.0 – Authentication Bypass
[webapps] Daily Tracker System 1.0 – Authentication Bypass
3 September 2020, 12:00 amDaily Tracker System 1.0 – Authentication Bypass
[webapps] SiteMagic CMS 4.4.2 – Arbitrary File Upload (Authenticated)
3 September 2020, 12:00 amSiteMagic CMS 4.4.2 – Arbitrary File Upload (Authenticated)
[webapps] Stock Management System 1.0 – Cross-Site Request Forgery (Change Username)
2 September 2020, 12:00 amStock Management System 1.0 – Cross-Site Request Forgery (Change Username)
[webapps] Mara CMS 7.5 – Remote Code Execution (Authenticated)
1 September 2020, 12:00 amMara CMS 7.5 – Remote Code Execution (Authenticated)
[webapps] moziloCMS 2.0 – Persistent Cross-Site Scripting (Authenticated)
1 September 2020, 12:00 ammoziloCMS 2.0 – Persistent Cross-Site Scripting (Authenticated)
[local] BlazeDVD 7.0 Professional – '.plf' Local Buffer Overflow (SEH,ASLR,DEP)
31 August 2020, 12:00 amBlazeDVD 7.0 Professional – ‘.plf’ Local Buffer Overflow (SEH,ASLR,DEP)
[webapps] Fuel CMS 1.4.8 – 'fuel_replace_id' SQL Injection (Authenticated)
31 August 2020, 12:00 amFuel CMS 1.4.8 – ‘fuel_replace_id’ SQL Injection (Authenticated)
[webapps] CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated)
31 August 2020, 12:00 amCMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated)
[webapps] Online Book Store 1.0 – 'id' SQL Injection
31 August 2020, 12:00 amOnline Book Store 1.0 – ‘id’ SQL Injection
[webapps] Mara CMS 7.5 – Reflective Cross-Site Scripting
31 August 2020, 12:00 amMara CMS 7.5 – Reflective Cross-Site Scripting
[webapps] Online Shopping Alphaware 1.0 – 'id' SQL Injection
28 August 2020, 12:00 amOnline Shopping Alphaware 1.0 – ‘id’ SQL Injection
[webapps] Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting
28 August 2020, 12:00 amNagios Log Server 2.1.6 – Persistent Cross-Site Scripting
[webapps] SymphonyCMS 3.0.0 – Persistent Cross-Site Scripting
28 August 2020, 12:00 amSymphonyCMS 3.0.0 – Persistent Cross-Site Scripting
[webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation
28 August 2020, 12:00 amEibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation
[webapps] Mida eFramework 2.9.0 – Remote Code Execution
27 August 2020, 12:00 amMida eFramework 2.9.0 – Remote Code Execution
[local] ASX to MP3 converter 3.1.3.7.2010.11.05 – '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC)
27 August 2020, 12:00 amASX to MP3 converter 3.1.3.7.2010.11.05 – ‘.wax’ Local Buffer Overflow (DEP,ASLR Bypass) (PoC)
[webapps] WordPress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated)
27 August 2020, 12:00 amWordPress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated)
[webapps] Ericom Access Server x64 9.2.0 – Server-Side Request Forgery
26 August 2020, 12:00 amEricom Access Server x64 9.2.0 – Server-Side Request Forgery
[webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Directory Traversal
26 August 2020, 12:00 amEibiz i-Media Server Digital Signage 3.8.0 – Directory Traversal