The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
[dos] SpotFTP-FTP Password Recover 2.4.8 – Denial of Service (PoC)
25 February 2020, 12:00 amSpotFTP-FTP Password Recover 2.4.8 – Denial of Service (PoC)
[webapps] Magento WooCommerce CardGate Payment Gateway 2.0.30 – Payment Process Bypass
25 February 2020, 12:00 amMagento WooCommerce CardGate Payment Gateway 2.0.30 – Payment Process Bypass
[dos] aSc TimeTables 2020.11.4 – Denial of Service (PoC)
25 February 2020, 12:00 amaSc TimeTables 2020.11.4 – Denial of Service (PoC)
[webapps] WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 – Payment Process Bypass
25 February 2020, 12:00 amWordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 – Payment Process Bypass
[dos] Odin Secure FTP Expert 7.6.3 – Denial of Service (PoC)
25 February 2020, 12:00 amOdin Secure FTP Expert 7.6.3 – Denial of Service (PoC)
[webapps] ManageEngine EventLog Analyzer 10.0 – Information Disclosure
24 February 2020, 12:00 amManageEngine EventLog Analyzer 10.0 – Information Disclosure
[dos] Go SSH servers 0.0.2 – Denial of Service (PoC)
24 February 2020, 12:00 amGo SSH servers 0.0.2 – Denial of Service (PoC)
[webapps] Real Web Pentesting Tutorial Step by Step – [Persian]
24 February 2020, 12:00 amReal Web Pentesting Tutorial Step by Step – [Persian]
[webapps] SecuSTATION IPCAM-130 HD Camera – Remote Configuration Disclosure
24 February 2020, 12:00 amSecuSTATION IPCAM-130 HD Camera – Remote Configuration Disclosure
[webapps] CandidATS 2.1.0 – Cross-Site Request Forgery (Add Admin)
24 February 2020, 12:00 amCandidATS 2.1.0 – Cross-Site Request Forgery (Add Admin)
[webapps] SecuSTATION SC-831 HD Camera – Remote Configuration Disclosure
24 February 2020, 12:00 amSecuSTATION SC-831 HD Camera – Remote Configuration Disclosure
[local] Android Binder – Use-After-Free (Metasploit)
24 February 2020, 12:00 amAndroid Binder – Use-After-Free (Metasploit)
[remote] Apache James Server 2.3.2 – Insecure User Creation Arbitrary File Write (Metasploit)
24 February 2020, 12:00 amApache James Server 2.3.2 – Insecure User Creation Arbitrary File Write (Metasploit)
[local] Diamorphine Rootkit – Signal Privilege Escalation (Metasploit)
24 February 2020, 12:00 amDiamorphine Rootkit – Signal Privilege Escalation (Metasploit)
[webapps] I6032B-P POE 2.0MP Outdoor Camera – Remote Configuration Disclosure
24 February 2020, 12:00 amI6032B-P POE 2.0MP Outdoor Camera – Remote Configuration Disclosure
[webapps] ATutor 2.2.4 – 'id' SQL Injection
24 February 2020, 12:00 amATutor 2.2.4 – ‘id’ SQL Injection
[webapps] Cacti 1.2.8 – Remote Code Execution
24 February 2020, 12:00 amCacti 1.2.8 – Remote Code Execution
[webapps] AMSS++ 4.7 – Backdoor Admin Account
24 February 2020, 12:00 amAMSS++ 4.7 – Backdoor Admin Account
[webapps] Aptina AR0130 960P 1.3MP Camera – Remote Configuration Disclosure
24 February 2020, 12:00 amAptina AR0130 960P 1.3MP Camera – Remote Configuration Disclosure
[dos] Quick N Easy Web Server 3.3.8 – Denial of Service (PoC)
24 February 2020, 12:00 amQuick N Easy Web Server 3.3.8 – Denial of Service (PoC)
[webapps] DotNetNuke 9.5 – File Upload Restrictions Bypass
24 February 2020, 12:00 amDotNetNuke 9.5 – File Upload Restrictions Bypass
[webapps] AMSS++ v 4.31 – 'id' SQL Injection
24 February 2020, 12:00 amAMSS++ v 4.31 – ‘id’ SQL Injection
[webapps] DotNetNuke 9.5 – Persistent Cross-Site Scripting
24 February 2020, 12:00 amDotNetNuke 9.5 – Persistent Cross-Site Scripting
[webapps] ESCAM QD-900 WIFI HD Camera – Remote Configuration Disclosure
24 February 2020, 12:00 amESCAM QD-900 WIFI HD Camera – Remote Configuration Disclosure
[webapps] eLection 2.0 – 'id' SQL Injection
24 February 2020, 12:00 ameLection 2.0 – ‘id’ SQL Injection
[webapps] Avaya IP Office Application Server 11.0.0.0 – Reflective Cross-Site Scripting
24 February 2020, 12:00 amAvaya IP Office Application Server 11.0.0.0 – Reflective Cross-Site Scripting
[dos] Core FTP Lite 1.3 – Denial of Service (PoC)
20 February 2020, 12:00 amCore FTP Lite 1.3 – Denial of Service (PoC)
[webapps] Easy2Pilot 7 – Cross-Site Request Forgery (Add User)
20 February 2020, 12:00 amEasy2Pilot 7 – Cross-Site Request Forgery (Add User)
[webapps] Virtual Freer 1.58 – Remote Command Execution
19 February 2020, 12:00 amVirtual Freer 1.58 – Remote Command Execution
[webapps] DBPower C300 HD Camera – Remote Configuration Disclosure
19 February 2020, 12:00 amDBPower C300 HD Camera – Remote Configuration Disclosure
[webapps] Nanometrics Centaur 4.3.23 – Unauthenticated Remote Memory Leak
19 February 2020, 12:00 amNanometrics Centaur 4.3.23 – Unauthenticated Remote Memory Leak
[local] MSI Packages Symbolic Links Processing – Windows 10 Privilege Escalation
17 February 2020, 12:00 amMSI Packages Symbolic Links Processing – Windows 10 Privilege Escalation
[local] DHCP Turbo 4.61298 – 'DHCP Turbo 4' Unquoted Service Path
17 February 2020, 12:00 amDHCP Turbo 4.61298 – ‘DHCP Turbo 4’ Unquoted Service Path
[webapps] WordPress Theme Fruitful 3.8 – Persistent Cross-Site Scripting
17 February 2020, 12:00 amWordPress Theme Fruitful 3.8 – Persistent Cross-Site Scripting
[local] TFTP Turbo 4.6.1273 – 'TFTP Turbo 4' Unquoted Service Path
17 February 2020, 12:00 amTFTP Turbo 4.6.1273 – ‘TFTP Turbo 4’ Unquoted Service Path
[webapps] SOPlanning 1.45 – 'by' SQL Injection
17 February 2020, 12:00 amSOPlanning 1.45 – ‘by’ SQL Injection
[webapps] WordPress Plugin Strong Testimonials 2.40.1 – Persistent Cross-Site Scripting
17 February 2020, 12:00 amWordPress Plugin Strong Testimonials 2.40.1 – Persistent Cross-Site Scripting
[webapps] SOPlanning 1.45 – 'users' SQL Injection
17 February 2020, 12:00 amSOPlanning 1.45 – ‘users’ SQL Injection
[webapps] LabVantage 8.3 – Information Disclosure
17 February 2020, 12:00 amLabVantage 8.3 – Information Disclosure
[remote] Anviz CrossChex – Buffer Overflow (Metasploit)
17 February 2020, 12:00 amAnviz CrossChex – Buffer Overflow (Metasploit)
[local] BOOTP Turbo 2.0.1214 – 'BOOTP Turbo' Unquoted Service Path
17 February 2020, 12:00 amBOOTP Turbo 2.0.1214 – ‘BOOTP Turbo’ Unquoted Service Path
[webapps] Avaya Aura Communication Manager 5.2 – Remote Code Execution
17 February 2020, 12:00 amAvaya Aura Communication Manager 5.2 – Remote Code Execution
[local] Cuckoo Clock v5.0 – Buffer Overflow
17 February 2020, 12:00 amCuckoo Clock v5.0 – Buffer Overflow
[local] HP System Event 1.2.9.0 – 'HPWMISVC' Unquoted Service Path
17 February 2020, 12:00 amHP System Event 1.2.9.0 – ‘HPWMISVC’ Unquoted Service Path
[webapps] SOPlanning 1.45 – Cross-Site Request Forgery (Add User)
17 February 2020, 12:00 amSOPlanning 1.45 – Cross-Site Request Forgery (Add User)
[webapps] Ice HRM 26.2.0 – Cross-Site Request Forgery (Add User)
17 February 2020, 12:00 amIce HRM 26.2.0 – Cross-Site Request Forgery (Add User)
[local] EPSON EasyMP Network Projection 2.81 – 'EMP_NSWLSV' Unquoted Service Path
14 February 2020, 12:00 amEPSON EasyMP Network Projection 2.81 – ‘EMP_NSWLSV’ Unquoted Service Path
[local] SprintWork 2.3.1 – Local Privilege Escalation
14 February 2020, 12:00 amSprintWork 2.3.1 – Local Privilege Escalation
[local] PHP 7.0 < 7.4 (Unix) – 'debug_backtrace' disable_functions Bypass
30 January 2020, 12:00 amPHP 7.0 < 7.4 (Unix) – 'debug_backtrace' disable_functions Bypass
[local] Windows Kernel – Information Disclosure
27 January 2020, 12:00 amWindows Kernel – Information Disclosure