The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
[webapps] Budget and Expense Tracker System 1.0 – Arbitrary File Upload
23 September 2021, 12:00 amBudget and Expense Tracker System 1.0 – Arbitrary File Upload
[webapps] Gurock Testrail 7.2.0.3014 – 'files.md5' Improper Access Control
23 September 2021, 12:00 amGurock Testrail 7.2.0.3014 – ‘files.md5’ Improper Access Control
[dos] Redragon Gaming Mouse – 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
23 September 2021, 12:00 amRedragon Gaming Mouse – ‘REDRAGON_MOUSE.sys’ Denial-Of-Service (PoC)
[webapps] WordPress Plugin 3DPrint Lite 1.9.1.4 – Arbitrary File Upload
23 September 2021, 12:00 amWordPress Plugin 3DPrint Lite 1.9.1.4 – Arbitrary File Upload
[webapps] Backdrop CMS 1.20.0 – 'Multiple' Cross-Site Request Forgery (CSRF)
23 September 2021, 12:00 amBackdrop CMS 1.20.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)
[webapps] WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 – Reflected Cross-Site Scripting (XSS)
23 September 2021, 12:00 amWordPress Plugin Advanced Order Export For WooCommerce 3.1.7 – Reflected Cross-Site Scripting (XSS)
[webapps] WordPress Plugin Fitness Calculators 1.9.5 – Cross-Site Request Forgery (CSRF)
23 September 2021, 12:00 amWordPress Plugin Fitness Calculators 1.9.5 – Cross-Site Request Forgery (CSRF)
[webapps] Police Crime Record Management Project 1.0 – Time Based SQLi
23 September 2021, 12:00 amPolice Crime Record Management Project 1.0 – Time Based SQLi
[webapps] Filerun 2021.03.26 – Remote Code Execution (RCE) (Authenticated)
22 September 2021, 12:00 amFilerun 2021.03.26 – Remote Code Execution (RCE) (Authenticated)
[webapps] e107 CMS 2.3.0 – Remote Code Execution (RCE) (Authenticated)
22 September 2021, 12:00 ame107 CMS 2.3.0 – Remote Code Execution (RCE) (Authenticated)
[webapps] OpenCats 0.9.4-2 – 'docx ' XML External Entity Injection (XXE)
22 September 2021, 12:00 amOpenCats 0.9.4-2 – ‘docx ‘ XML External Entity Injection (XXE)
[webapps] Cloudron 6.2 – 'returnTo ' Cross Site Scripting (Reflected)
22 September 2021, 12:00 amCloudron 6.2 – ‘returnTo ‘ Cross Site Scripting (Reflected)
[webapps] Sentry 8.2.0 – Remote Code Execution (RCE) (Authenticated)
22 September 2021, 12:00 amSentry 8.2.0 – Remote Code Execution (RCE) (Authenticated)
[webapps] Online Reviewer System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
22 September 2021, 12:00 amOnline Reviewer System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
[webapps] Simple Attendance System 1.0 – Unauthenticated Blind SQLi
22 September 2021, 12:00 amSimple Attendance System 1.0 – Unauthenticated Blind SQLi
[local] TotalAV 5.15.69 – Unquoted Service Path
22 September 2021, 12:00 amTotalAV 5.15.69 – Unquoted Service Path
[webapps] Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
21 September 2021, 12:00 amBudget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
[webapps] WebsiteBaker 2.13.0 – Remote Code Execution (RCE) (Authenticated)
21 September 2021, 12:00 amWebsiteBaker 2.13.0 – Remote Code Execution (RCE) (Authenticated)
[dos] Yenkee Hornet Gaming Mouse – 'GM312Fltr.sys' Denial-Of-Service (PoC)
21 September 2021, 12:00 amYenkee Hornet Gaming Mouse – ‘GM312Fltr.sys’ Denial-Of-Service (PoC)
[webapps] T-Soft E-Commerce 4 – change 'admin credentials' Cross-Site Request Forgery (CSRF)
20 September 2021, 12:00 amT-Soft E-Commerce 4 – change ‘admin credentials’ Cross-Site Request Forgery (CSRF)
[webapps] Church Management System 1.0 – 'search' SQL Injection (Unauthenticated)
20 September 2021, 12:00 amChurch Management System 1.0 – ‘search’ SQL Injection (Unauthenticated)
[webapps] WordPress 5.7 – 'Media Library' XML External Entity Injection (XXE) (Authenticated)
20 September 2021, 12:00 amWordPress 5.7 – ‘Media Library’ XML External Entity Injection (XXE) (Authenticated)
[webapps] Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated)
20 September 2021, 12:00 amOnline Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated)
[webapps] Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
20 September 2021, 12:00 amChurch Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
[webapps] Budget and Expense Tracker System 1.0 – Authenticated Bypass
20 September 2021, 12:00 amBudget and Expense Tracker System 1.0 – Authenticated Bypass
[webapps] Library Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated)
17 September 2021, 12:00 amLibrary Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated)
[webapps] WordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass
17 September 2021, 12:00 amWordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass
[webapps] Simple Attendance System 1.0 – Authenticated bypass
17 September 2021, 12:00 amSimple Attendance System 1.0 – Authenticated bypass
[webapps] ImpressCMS 1.4.2 – Remote Code Execution (RCE) (Authenticated)
16 September 2021, 12:00 amImpressCMS 1.4.2 – Remote Code Execution (RCE) (Authenticated)
[webapps] AlphaWeb XE – File Upload Remote Code Execution (RCE) (Authenticated)
15 September 2021, 12:00 amAlphaWeb XE – File Upload Remote Code Execution (RCE) (Authenticated)
[webapps] Support Board 3.3.3 – 'Multiple' SQL Injection (Unauthenticated)
15 September 2021, 12:00 amSupport Board 3.3.3 – ‘Multiple’ SQL Injection (Unauthenticated)
[webapps] Seowon 130-SLC router – 'queriesCnt' Remote Code Execution (Unauthenticated)
15 September 2021, 12:00 amSeowon 130-SLC router – ‘queriesCnt’ Remote Code Execution (Unauthenticated)
[webapps] Evolution CMS 3.1.6 – Remote Code Execution (RCE) (Authenticated)
15 September 2021, 12:00 amEvolution CMS 3.1.6 – Remote Code Execution (RCE) (Authenticated)
[webapps] Purchase Order Management System 1.0 – Remote File Upload
14 September 2021, 12:00 amPurchase Order Management System 1.0 – Remote File Upload
[webapps] ECOA Building Automation System – Configuration Download Information Disclosure
13 September 2021, 12:00 amECOA Building Automation System – Configuration Download Information Disclosure
[webapps] ECOA Building Automation System – Hidden Backdoor Accounts and backdoor() Function
13 September 2021, 12:00 amECOA Building Automation System – Hidden Backdoor Accounts and backdoor() Function
[remote] ECOA Building Automation System – Hard-coded Credentials SSH Access
13 September 2021, 12:00 amECOA Building Automation System – Hard-coded Credentials SSH Access
[local] ECOA Building Automation System – Missing Encryption Of Sensitive Information
13 September 2021, 12:00 amECOA Building Automation System – Missing Encryption Of Sensitive Information
[webapps] ECOA Building Automation System – Weak Default Credentials
13 September 2021, 12:00 amECOA Building Automation System – Weak Default Credentials
[webapps] ECOA Building Automation System – Directory Traversal Content Disclosure
13 September 2021, 12:00 amECOA Building Automation System – Directory Traversal Content Disclosure
[webapps] WordPress Plugin Download From Files 1.48 – Arbitrary File Upload
13 September 2021, 12:00 amWordPress Plugin Download From Files 1.48 – Arbitrary File Upload
[webapps] Apartment Visitor Management System (AVMS) 1.0 – SQLi to RCE
13 September 2021, 12:00 amApartment Visitor Management System (AVMS) 1.0 – SQLi to RCE
[local] Facebook ParlAI 1.0.0 – Deserialization of Untrusted Data in parlai
13 September 2021, 12:00 amFacebook ParlAI 1.0.0 – Deserialization of Untrusted Data in parlai
[webapps] ECOA Building Automation System – Cookie Poisoning Authentication Bypass
13 September 2021, 12:00 amECOA Building Automation System – Cookie Poisoning Authentication Bypass
[webapps] ECOA Building Automation System – 'multiple' Cross-Site Request Forgery (CSRF)
13 September 2021, 12:00 amECOA Building Automation System – ‘multiple’ Cross-Site Request Forgery (CSRF)
[webapps] ECOA Building Automation System – Arbitrary File Deletion
13 September 2021, 12:00 amECOA Building Automation System – Arbitrary File Deletion
[webapps] ECOA Building Automation System – Path Traversal Arbitrary File Upload
13 September 2021, 12:00 amECOA Building Automation System – Path Traversal Arbitrary File Upload
[webapps] ECOA Building Automation System – Local File Disclosure
13 September 2021, 12:00 amECOA Building Automation System – Local File Disclosure
[webapps] Men Salon Management System 1.0 – Multiple Vulnerabilities
13 September 2021, 12:00 amMen Salon Management System 1.0 – Multiple Vulnerabilities
[webapps] ECOA Building Automation System – Remote Privilege Escalation
13 September 2021, 12:00 amECOA Building Automation System – Remote Privilege Escalation