Exploits Database

The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

OTRS 6.0.1 – Remote Command Execution (2)
CMS Made Simple 2.2.15 – ‘title’ Cross-Site Scripting (XSS)
RemoteClinic 2.0 – ‘Multiple’ Stored Cross-Site Scripting (XSS)
Discourse 2.7.0 – Rate Limit Bypass leads to 2FA Bypass
RemoteClinic 2 – ‘Multiple’ Cross-Site Scripting (XSS)
Tenda D151 & D301 – Configuration Download (Unauthenticated)
rconfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated) (2)
OpenEMR 5.0.2.1 – Remote Code Execution
Multilaser Router RE018 AC1200 – Cross-Site Request Forgery (Enable Remote Access)
Adtran Personal Phone Manager 10.8.1 – ‘Multiple’ Reflected Cross-Site Scripting (XSS)
Adtran Personal Phone Manager 10.8.1 – DNS Exfiltration
GravCMS 1.10.7 – Unauthenticated Arbitrary YAML Write/Update (Metasploit)
Hasura GraphQL 1.3.3 – Denial of Service
Hasura GraphQL 1.3.3 – Local File Read
Hasura GraphQL 1.3.3 – Service Side Request Forgery (SSRF)
WordPress Plugin RSS for Yandex Turbo 1.29 – Stored Cross-Site Scripting (XSS)
Fast PHP Chat 1.3 – ‘my_item_search’ SQL Injection
Adtran Personal Phone Manager 10.8.1 – ‘emailAddress’ Stored Cross-Site Scripting (XSS)
BlackCat CMS 1.3.6 – ‘Multiple’ Stored Cross-Site Scripting (XSS)
GetSimple CMS My SMTP Contact Plugin 1.1.1 – CSRF to RCE
Horde Groupware Webmail 5.2.22 – Stored XSS
Tileserver-gl 3.0.0 – ‘key’ Reflected Cross-Site Scripting (XSS)
htmly 2.8.0 – ‘description’ Stored Cross-Site Scripting (XSS)
glFTPd 2.11a – Remote Denial of Service
CITSmart ITSM 9.1.2.22 – LDAP Injection
CITSmart ITSM 9.1.2.27 – ‘query’ Time-based Blind SQL Injection (Authenticated)
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 – RCE
MariaDB 10.2 /MySQL – ‘wsrep_provider’ OS Command Execution
Digital Crime Report Management System 1.0 – SQL Injection (Authentication Bypass)
jQuery 1.0.3 – Cross-Site Scripting (XSS)
jQuery 1.2 – Cross-Site Scripting (XSS)
Blitar Tourism 1.0 – Authentication Bypass SQLi
Simple Student Information System 1.0 – SQL Injection (Authentication Bypass)
ExpressVPN VPN Router 1.0 – Router Login Panel’s Integer Overflow
vsftpd 2.3.4 – Backdoor Command Execution
PrestaShop 1.7.6.7 – ‘location’ Blind Sql Injection
CMSimple 5.2 – ‘External’ Stored XSS
DMA Radius Manager 4.4.0 – Cross-Site Request Forgery (CSRF)
Composr 10.0.36 – Remote Code Execution
Linux Kernel 5.4 – ‘BleedingTooth’ Bluetooth Zero-Click Remote Code Execution
Composr CMS 10.0.36 – Cross Site Scripting
Atlassian Jira Service Desk 4.9.1 – Unrestricted File Upload to XSS
Dell OpenManage Server Administrator 9.4.0.0 – Arbitrary File Read
Google Chrome 86.0.4240 V8 – Remote Code Execution
Google Chrome 81.0.4044 V8 – Remote Code Execution
Mini Mouse 9.3.0 – Local File inclusion / Path Traversal
Basic Shopping Cart 1.0 – Authentication Bypass
OpenEMR 4.1.0 – ‘u’ SQL Injection
Mini Mouse 9.2.0 – Remote Code Execution
Mini Mouse 9.2.0 – Path Traversal