The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
[local] SAP Lumira 1.31 – Stored Cross-Site Scripting
27 November 2020, 12:00 amSAP Lumira 1.31 – Stored Cross-Site Scripting
[webapps] Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 – Remote Code Execution
27 November 2020, 12:00 amRuckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 – Remote Code Execution
[webapps] WonderCMS 3.1.3 – 'uploadFile' Stored Cross-Site Scripting
27 November 2020, 12:00 amWonderCMS 3.1.3 – ‘uploadFile’ Stored Cross-Site Scripting
[webapps] Acronis Cyber Backup 12.5 Build 16341 – Unauthenticated SSRF
27 November 2020, 12:00 amAcronis Cyber Backup 12.5 Build 16341 – Unauthenticated SSRF
[webapps] Laravel Administrator 4 – Unrestricted File Upload (Authenticated)
27 November 2020, 12:00 amLaravel Administrator 4 – Unrestricted File Upload (Authenticated)
[webapps] WordPress Theme Accesspress Social Icons 1.7.9 – SQL injection (Authenticated)
27 November 2020, 12:00 amWordPress Theme Accesspress Social Icons 1.7.9 – SQL injection (Authenticated)
[webapps] Moodle 3.8 – Unrestricted File Upload
27 November 2020, 12:00 amMoodle 3.8 – Unrestricted File Upload
[local] Foxit Reader 9.0.1.1049 – Arbitrary Code Execution
27 November 2020, 12:00 amFoxit Reader 9.0.1.1049 – Arbitrary Code Execution
[webapps] House Rental 1.0 – 'keywords' SQL Injection
27 November 2020, 12:00 amHouse Rental 1.0 – ‘keywords’ SQL Injection
[dos] libupnp 1.6.18 – Stack-based buffer overflow (DoS)
27 November 2020, 12:00 amlibupnp 1.6.18 – Stack-based buffer overflow (DoS)
[webapps] ElkarBackup 1.3.3 – 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting
27 November 2020, 12:00 amElkarBackup 1.3.3 – ‘Policy[name]’ and ‘Policy[Description]’ Stored Cross-site Scripting
[webapps] WordPress Theme Wibar 1.1.8 – 'Brand Component' Stored Cross Site Scripting
27 November 2020, 12:00 amWordPress Theme Wibar 1.1.8 – ‘Brand Component’ Stored Cross Site Scripting
[webapps] Best Support System 3.0.4 – 'ticket_body' Persistent XSS (Authenticated)
27 November 2020, 12:00 amBest Support System 3.0.4 – ‘ticket_body’ Persistent XSS (Authenticated)
[dos] Pure-FTPd 1.0.48 – Remote Denial of Service
26 November 2020, 12:00 amPure-FTPd 1.0.48 – Remote Denial of Service
[remote] Razer Chroma SDK Server 3.16.02 – Race Condition Remote File Execution
26 November 2020, 12:00 amRazer Chroma SDK Server 3.16.02 – Race Condition Remote File Execution
[local] Wondershare Driver Install Service help 10.7.1.321 – 'ElevationService' Unquote Service Path
25 November 2020, 12:00 amWondershare Driver Install Service help 10.7.1.321 – ‘ElevationService’ Unquote Service Path
[webapps] WonderCMS 3.1.3 – 'page' Persistent Cross-Site Scripting
25 November 2020, 12:00 amWonderCMS 3.1.3 – ‘page’ Persistent Cross-Site Scripting
[webapps] osCommerce 2.3.4.1 – 'title' Persistent Cross-Site Scripting
25 November 2020, 12:00 amosCommerce 2.3.4.1 – ‘title’ Persistent Cross-Site Scripting
[webapps] SyncBreeze 10.0.28 – 'password' Remote Buffer Overflow
25 November 2020, 12:00 amSyncBreeze 10.0.28 – ‘password’ Remote Buffer Overflow
[webapps] Apache OpenMeetings 5.0.0 – 'hostname' Denial of Service
24 November 2020, 12:00 amApache OpenMeetings 5.0.0 – ‘hostname’ Denial of Service
[webapps] ZeroShell 3.9.0 – 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
24 November 2020, 12:00 amZeroShell 3.9.0 – ‘cgi-bin/kerbynet’ Remote Root Command Injection (Metasploit)
[webapps] Seowon 130-SLC router 1.0.11 – 'ipAddr' RCE (Authenticated)
24 November 2020, 12:00 amSeowon 130-SLC router 1.0.11 – ‘ipAddr’ RCE (Authenticated)
[webapps] OpenCart 3.0.3.6 – 'Profile Image' Stored Cross-Site Scripting (Authenticated)
24 November 2020, 12:00 amOpenCart 3.0.3.6 – ‘Profile Image’ Stored Cross-Site Scripting (Authenticated)
[webapps] OpenCart 3.0.3.6 – 'subject' Stored Cross-Site Scripting
24 November 2020, 12:00 amOpenCart 3.0.3.6 – ‘subject’ Stored Cross-Site Scripting
[local] docPrint Pro 8.0 – 'Add URL' Buffer Overflow (SEH Egghunter)
24 November 2020, 12:00 amdocPrint Pro 8.0 – ‘Add URL’ Buffer Overflow (SEH Egghunter)
[webapps] nopCommerce Store 4.30 – 'name' Stored Cross-Site Scripting
24 November 2020, 12:00 amnopCommerce Store 4.30 – ‘name’ Stored Cross-Site Scripting
[local] Boxoft Audio Converter 2.3.0 – '.wav' Buffer Overflow (SEH)
23 November 2020, 12:00 amBoxoft Audio Converter 2.3.0 – ‘.wav’ Buffer Overflow (SEH)
[webapps] LifeRay 7.2.1 GA2 – Stored XSS
23 November 2020, 12:00 amLifeRay 7.2.1 GA2 – Stored XSS
[webapps] VTiger v7.0 CRM – 'To' Persistent XSS
23 November 2020, 12:00 amVTiger v7.0 CRM – ‘To’ Persistent XSS
[webapps] TP-Link TL-WA855RE V5_200415 – Device Reset Auth Bypass
23 November 2020, 12:00 amTP-Link TL-WA855RE V5_200415 – Device Reset Auth Bypass
[local] Zortam Mp3 Media Studio 27.60 – Remote Code Execution (SEH)
20 November 2020, 12:00 amZortam Mp3 Media Studio 27.60 – Remote Code Execution (SEH)
[webapps] WonderCMS 3.1.3 – 'content' Persistent Cross-Site Scripting
20 November 2020, 12:00 amWonderCMS 3.1.3 – ‘content’ Persistent Cross-Site Scripting
[local] IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 – id' Field Stack Based Buffer Overflow
20 November 2020, 12:00 amIBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 – id’ Field Stack Based Buffer Overflow
[local] Free MP3 CD Ripper 2.8 – Multiple File Buffer Overflow (Metasploit)
20 November 2020, 12:00 amFree MP3 CD Ripper 2.8 – Multiple File Buffer Overflow (Metasploit)
[local] Boxoft Convert Master 1.3.0 – 'wav' SEH Local Exploit
20 November 2020, 12:00 amBoxoft Convert Master 1.3.0 – ‘wav’ SEH Local Exploit
[webapps] TestBox CFML Test Framework 4.1.0 – Arbitrary File Write and Remote Code Execution
19 November 2020, 12:00 amTestBox CFML Test Framework 4.1.0 – Arbitrary File Write and Remote Code Execution
[webapps] TestBox CFML Test Framework 4.1.0 – Directory Traversal
19 November 2020, 12:00 amTestBox CFML Test Framework 4.1.0 – Directory Traversal
[webapps] Gemtek WVRTM-127ACN 01.01.02.141 – Authenticated Arbitrary Command Injection
19 November 2020, 12:00 amGemtek WVRTM-127ACN 01.01.02.141 – Authenticated Arbitrary Command Injection
[webapps] M/Monit 3.7.4 – Password Disclosure
19 November 2020, 12:00 amM/Monit 3.7.4 – Password Disclosure
[webapps] PESCMS TEAM 2.3.2 – Multiple Reflected XSS
19 November 2020, 12:00 amPESCMS TEAM 2.3.2 – Multiple Reflected XSS
[webapps] Fortinet FortiOS 6.0.4 – Unauthenticated SSL VPN User Password Modification
19 November 2020, 12:00 amFortinet FortiOS 6.0.4 – Unauthenticated SSL VPN User Password Modification
[webapps] Gitlab 12.9.0 – Arbitrary File Read (Authenticated)
19 November 2020, 12:00 amGitlab 12.9.0 – Arbitrary File Read (Authenticated)
[remote] Genexis Platinum 4410 Router 2.1 – UPnP Credential Exposure
19 November 2020, 12:00 amGenexis Platinum 4410 Router 2.1 – UPnP Credential Exposure
[dos] Internet Download Manager 6.38.12 – Scheduler Downloads Scheduler Buffer Overflow (PoC)
19 November 2020, 12:00 amInternet Download Manager 6.38.12 – Scheduler Downloads Scheduler Buffer Overflow (PoC)
[webapps] xuucms 3 – 'keywords' SQL Injection
19 November 2020, 12:00 amxuucms 3 – ‘keywords’ SQL Injection
[webapps] Nagios Log Server 2.1.7 – Persistent Cross-Site Scripting
19 November 2020, 12:00 amNagios Log Server 2.1.7 – Persistent Cross-Site Scripting
[webapps] M/Monit 3.7.4 – Privilege Escalation
19 November 2020, 12:00 amM/Monit 3.7.4 – Privilege Escalation
[webapps] BigBlueButton 2.2.25 – Arbitrary File Disclosure and Server-Side Request Forgery
18 November 2020, 12:00 amBigBlueButton 2.2.25 – Arbitrary File Disclosure and Server-Side Request Forgery
[webapps] WordPress Plugin WPForms 1.6.3.1 – Persistent Cross Site Scripting (Authenticated)
18 November 2020, 12:00 amWordPress Plugin WPForms 1.6.3.1 – Persistent Cross Site Scripting (Authenticated)
[remote] ZeroLogon – Netlogon Elevation of Privilege
18 November 2020, 12:00 amZeroLogon – Netlogon Elevation of Privilege