Exploits Database

The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

uDoctorAppointment v2.1.1 – ‘Multiple’ Cross Site Scripting (XSS)
Rocket LMS 1.1 – Persistent Cross Site Scripting (XSS)
Affiliate Pro 1.7 – ‘Multiple’ Cross Site Scripting (XSS)
Archeevo 5.0 – Local File Inclusion
OpenBMCS 2.4 – Cross Site Request Forgery (CSRF)
OpenBMCS 2.4 – SQLi (Authenticated)
OpenBMCS 2.4 – Create Admin / Remote Privilege Escalation
OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated)
OpenBMCS 2.4 – Information Disclosure
Simple Chatbot Application 1.0 – Remote Code Execution (RCE)
Simple Chatbot Application 1.0 – ‘message’ Blind SQLi
Nyron 1.0 – SQLi (Unauthenticated)
Creston Web Interface 1.0.0.2159 – Credential Disclosure
WorkTime 10.20 Build 4967 – Unquoted Service Path
Online Resort Management System 1.0 – SQLi (Authenticated)
Hospitals Patient Records Management System 1.0 – ‘room_types’ Stored Cross Site Scripting (XSS)
Hospitals Patient Records Management System 1.0 – ‘doctors’ Stored Cross Site Scripting (XSS)
Hospitals Patient Records Management System 1.0 – ‘room_list’ Stored Cross Site Scripting (XSS)
SalonERP 3.0.1 – ‘sql’ SQL Injection (Authenticated)
Online Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated)
Online Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS)
Online Diagnostic Lab Management System 1.0 – SQL Injection (Unauthenticated)
WordPress Core 5.8.2 – ‘WP_Query’ SQL Injection
Microsoft Windows Defender – Detections Bypass
WordPress Plugin Frontend Uploader 1.3.2 – Stored Cross Site Scripting (XSS) (Unauthenticated)
Microsoft Windows .Reg File – Dialog Spoof / Mitigation Bypass
HTTP Commander 3.1.9 – Stored Cross Site Scripting (XSS)
Open-AudIT Community 4.2.0 – Cross-Site Scripting (XSS) (Authenticated)
Online Railway Reservation System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
Online Railway Reservation System 1.0 – ‘id’ SQL Injection (Unauthenticated)
Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated)
Online Railway Reservation System 1.0 – ‘Multiple’ Stored Cross Site Scripting (XSS) (Unauthenticated)
VUPlayer 2.49 – ‘.wax’ Local Buffer Overflow (DEP Bypass)
CoreFTP Server build 725 – Directory Traversal (Authenticated)
Online Veterinary Appointment System 1.0 – ‘Multiple’ SQL Injection
openSIS Student Information System 8.0 – ‘multiple’ SQL Injection
TermTalk Server 3.24.0.2 – Arbitrary File Read (Unauthenticated)
Dixell XWEB 500 – Arbitrary File Write
Hospitals Patient Records Management System 1.0 – ‘id’ SQL Injection (Authenticated)
BeyondTrust Remote Support 6.0 – Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Virtual Airlines Manager 2.6.2 – ‘multiple’ SQL Injection
Vodafone H-500-s 3.5.10 – WiFi Password Disclosure
Terramaster TOS 4.2.15 – Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin AAWP 3.16 – ‘tab’ Reflected Cross Site Scripting (XSS) (Authenticated)
TRIGONE Remote System Monitor 3.61 – Unquoted Service Path
Automox Agent 32 – Local Privilege Escalation
Hospitals Patient Records Management System 1.0 – Account TakeOver
Projeqtor v9.3.1 – Stored Cross Site Scripting (XSS)
AWebServer GhostBuilding 18 – Denial of Service (DoS)
Gerapy 0.9.7 – Remote Code Execution (RCE) (Authenticated)