Exploits Database

The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

Budget and Expense Tracker System 1.0 – Arbitrary File Upload
Gurock Testrail – ‘files.md5’ Improper Access Control
Redragon Gaming Mouse – ‘REDRAGON_MOUSE.sys’ Denial-Of-Service (PoC)
WordPress Plugin 3DPrint Lite – Arbitrary File Upload
Backdrop CMS 1.20.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 – Reflected Cross-Site Scripting (XSS)
WordPress Plugin Fitness Calculators 1.9.5 – Cross-Site Request Forgery (CSRF)
Police Crime Record Management Project 1.0 – Time Based SQLi
Filerun 2021.03.26 – Remote Code Execution (RCE) (Authenticated)
e107 CMS 2.3.0 – Remote Code Execution (RCE) (Authenticated)
OpenCats 0.9.4-2 – ‘docx’ XML External Entity Injection (XXE)
Cloudron 6.2 – ‘returnTo’ Cross Site Scripting (Reflected)
Sentry 8.2.0 – Remote Code Execution (RCE) (Authenticated)
Online Reviewer System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Simple Attendance System 1.0 – Unauthenticated Blind SQLi
TotalAV 5.15.69 – Unquoted Service Path
Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
WebsiteBaker 2.13.0 – Remote Code Execution (RCE) (Authenticated)
Yenkee Hornet Gaming Mouse – ‘GM312Fltr.sys’ Denial-Of-Service (PoC)
T-Soft E-Commerce 4 – change ‘admin credentials’ Cross-Site Request Forgery (CSRF)
Church Management System 1.0 – ‘search’ SQL Injection (Unauthenticated)
WordPress 5.7 – ‘Media Library’ XML External Entity Injection (XXE) (Authenticated)
Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated)
Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Budget and Expense Tracker System 1.0 – Authenticated Bypass
Library Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated)
WordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass
Simple Attendance System 1.0 – Authenticated Bypass
ImpressCMS 1.4.2 – Remote Code Execution (RCE) (Authenticated)
AlphaWeb XE – File Upload Remote Code Execution (RCE) (Authenticated)
Support Board 3.3.3 – ‘Multiple’ SQL Injection (Unauthenticated)
Seowon 130-SLC router – ‘queriesCnt’ Remote Code Execution (Unauthenticated)
Evolution CMS 3.1.6 – Remote Code Execution (RCE) (Authenticated)
Purchase Order Management System 1.0 – Remote File Upload
ECOA Building Automation System – Configuration Download Information Disclosure
ECOA Building Automation System – Hidden Backdoor Accounts and backdoor() Function
ECOA Building Automation System – Hard-coded Credentials SSH Access
ECOA Building Automation System – Missing Encryption Of Sensitive Information
ECOA Building Automation System – Weak Default Credentials
ECOA Building Automation System – Directory Traversal Content Disclosure
WordPress Plugin Download From Files 1.48 – Arbitrary File Upload
Apartment Visitor Management System (AVMS) 1.0 – SQLi to RCE
Facebook ParlAI 1.0.0 – Deserialization of Untrusted Data in parlai
ECOA Building Automation System – Cookie Poisoning Authentication Bypass
ECOA Building Automation System – ‘multiple’ Cross-Site Request Forgery (CSRF)
ECOA Building Automation System – Arbitrary File Deletion
ECOA Building Automation System – Path Traversal Arbitrary File Upload
ECOA Building Automation System – Local File Disclosure
Men Salon Management System 1.0 – Multiple Vulnerabilities
ECOA Building Automation System – Remote Privilege Escalation