The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
[webapps] OTRS 6.0.1 – Remote Command Execution (2)
22 April 2021, 12:00 am
[webapps] CMS Made Simple 2.2.15 – 'title' Cross-Site Scripting (XSS)
22 April 2021, 12:00 am
[webapps] RemoteClinic 2.0 – 'Multiple' Stored Cross-Site Scripting (XSS)
22 April 2021, 12:00 am
[webapps] Discourse 2.7.0 – Rate Limit Bypass leads to 2FA Bypass
21 April 2021, 12:00 am
[webapps] RemoteClinic 2 – 'Multiple' Cross-Site Scripting (XSS)
21 April 2021, 12:00 am
[remote] Tenda D151 & D301 – Configuration Download (Unauthenticated)
21 April 2021, 12:00 am
[webapps] rconfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated) (2)
21 April 2021, 12:00 am
[webapps] OpenEMR 5.0.2.1 – Remote Code Execution
21 April 2021, 12:00 am
[webapps] Multilaser Router RE018 AC1200 – Cross-Site Request Forgery (Enable Remote Access)
21 April 2021, 12:00 am
[webapps] Adtran Personal Phone Manager 10.8.1 – 'Multiple' Reflected Cross-Site Scripting (XSS)
21 April 2021, 12:00 am
[webapps] Adtran Personal Phone Manager 10.8.1 – DNS Exfiltration
21 April 2021, 12:00 am
[webapps] GravCMS 1.10.7 – Unauthenticated Arbitrary YAML Write/Update (Metasploit)
21 April 2021, 12:00 am
[dos] Hasura GraphQL 1.3.3 – Denial of Service
21 April 2021, 12:00 am
[webapps] Hasura GraphQL 1.3.3 – Local File Read
21 April 2021, 12:00 am
[webapps] Hasura GraphQL 1.3.3 – Service Side Request Forgery (SSRF)
21 April 2021, 12:00 am
[webapps] WordPress Plugin RSS for Yandex Turbo 1.29 – Stored Cross-Site Scripting (XSS)
21 April 2021, 12:00 am
[webapps] Fast PHP Chat 1.3 – 'my_item_search' SQL Injection
21 April 2021, 12:00 am
[webapps] Adtran Personal Phone Manager 10.8.1 – 'emailAddress' Stored Cross-Site Scripting (XSS)
21 April 2021, 12:00 am
[webapps] BlackCat CMS 1.3.6 – 'Multiple' Stored Cross-Site Scripting (XSS)
21 April 2021, 12:00 am
[webapps] GetSimple CMS My SMTP Contact Plugin 1.1.1 – CSRF to RCE
16 April 2021, 12:00 am
[webapps] Horde Groupware Webmail 5.2.22 – Stored XSS
15 April 2021, 12:00 am
[webapps] Tileserver-gl 3.0.0 – 'key' Reflected Cross-Site Scripting (XSS)
15 April 2021, 12:00 am
[webapps] htmly 2.8.0 – 'description' Stored Cross-Site Scripting (XSS)
15 April 2021, 12:00 am
[dos] glFTPd 2.11a – Remote Denial of Service
15 April 2021, 12:00 am
[webapps] CITSmart ITSM 9.1.2.22 – LDAP Injection
14 April 2021, 12:00 am
[webapps] CITSmart ITSM 9.1.2.27 – 'query' Time-based Blind SQL Injection (Authenticated)
14 April 2021, 12:00 am
[webapps] Genexis PLATINUM 4410 2.1 P4410-V2-1.28 – RCE
14 April 2021, 12:00 am
[local] MariaDB 10.2 /MySQL – 'wsrep_provider' OS Command Execution
14 April 2021, 12:00 am
[webapps] Digital Crime Report Management System 1.0 – SQL Injection (Authentication Bypass)
14 April 2021, 12:00 am
[webapps] jQuery 1.0.3 – Cross-Site Scripting (XSS)
14 April 2021, 12:00 am
[webapps] jQuery 1.2 – Cross-Site Scripting (XSS)
14 April 2021, 12:00 am
[webapps] Blitar Tourism 1.0 – Authentication Bypass SQLi
13 April 2021, 12:00 am
[webapps] Simple Student Information System 1.0 – SQL Injection (Authentication Bypass)
13 April 2021, 12:00 am
[webapps] ExpressVPN VPN Router 1.0 – Router Login Panel's Integer Overflow
13 April 2021, 12:00 am
[remote] vsftpd 2.3.4 – Backdoor Command Execution
12 April 2021, 12:00 am
[webapps] PrestaShop 1.7.6.7 – 'location' Blind Sql Injection
9 April 2021, 12:00 am
[webapps] CMSimple 5.2 – 'External' Stored XSS
8 April 2021, 12:00 am
[webapps] DMA Radius Manager 4.4.0 – Cross-Site Request Forgery (CSRF)
8 April 2021, 12:00 am
[webapps] Composr 10.0.36 – Remote Code Execution
8 April 2021, 12:00 am
[remote] Linux Kernel 5.4 – 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
8 April 2021, 12:00 am
[webapps] Composr CMS 10.0.36 – Cross Site Scripting
7 April 2021, 12:00 am
[webapps] Atlassian Jira Service Desk 4.9.1 – Unrestricted File Upload to XSS
7 April 2021, 12:00 am
[webapps] Dell OpenManage Server Administrator 9.4.0.0 – Arbitrary File Read
7 April 2021, 12:00 am
[remote] Google Chrome 86.0.4240 V8 – Remote Code Execution
6 April 2021, 12:00 am
[remote] Google Chrome 81.0.4044 V8 – Remote Code Execution
6 April 2021, 12:00 am
[webapps] Mini Mouse 9.3.0 – Local File inclusion / Path Traversal
6 April 2021, 12:00 am
[webapps] Basic Shopping Cart 1.0 – Authentication Bypass
5 April 2021, 12:00 am
[webapps] OpenEMR 4.1.0 – 'u' SQL Injection
5 April 2021, 12:00 am
[webapps] Mini Mouse 9.2.0 – Remote Code Execution
5 April 2021, 12:00 am
[webapps] Mini Mouse 9.2.0 – Path Traversal
5 April 2021, 12:00 am