The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
[webapps] uDoctorAppointment v2.1.1 – 'Multiple' Cross Site Scripting (XSS)
19 January 2022, 12:00 amuDoctorAppointment v2.1.1 – ‘Multiple’ Cross Site Scripting (XSS)
[webapps] Rocket LMS 1.1 – Persistent Cross Site Scripting (XSS)
19 January 2022, 12:00 amRocket LMS 1.1 – Persistent Cross Site Scripting (XSS)
[webapps] Affiliate Pro 1.7 – 'Multiple' Cross Site Scripting (XSS)
19 January 2022, 12:00 amAffiliate Pro 1.7 – ‘Multiple’ Cross Site Scripting (XSS)
[remote] Archeevo 5.0 – Local File Inclusion
18 January 2022, 12:00 amArcheevo 5.0 – Local File Inclusion
[webapps] OpenBMCS 2.4 – Cross Site Request Forgery (CSRF)
18 January 2022, 12:00 amOpenBMCS 2.4 – Cross Site Request Forgery (CSRF)
[webapps] OpenBMCS 2.4 – SQLi (Authenticated)
18 January 2022, 12:00 amOpenBMCS 2.4 – SQLi (Authenticated)
[webapps] OpenBMCS 2.4 – Create Admin / Remote Privilege Escalation
18 January 2022, 12:00 amOpenBMCS 2.4 – Create Admin / Remote Privilege Escalation
[webapps] OpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated)
18 January 2022, 12:00 amOpenBMCS 2.4 – Server Side Request Forgery (SSRF) (Unauthenticated)
[webapps] OpenBMCS 2.4 – Information Disclosure
18 January 2022, 12:00 amOpenBMCS 2.4 – Information Disclosure
[webapps] Simple Chatbot Application 1.0 – Remote Code Execution (RCE)
18 January 2022, 12:00 amSimple Chatbot Application 1.0 – Remote Code Execution (RCE)
[webapps] Simple Chatbot Application 1.0 – 'message' Blind SQLi
18 January 2022, 12:00 amSimple Chatbot Application 1.0 – ‘message’ Blind SQLi
[webapps] Nyron 1.0 – SQLi (Unauthenticated)
18 January 2022, 12:00 amNyron 1.0 – SQLi (Unauthenticated)
[webapps] Creston Web Interface 1.0.0.2159 – Credential Disclosure
18 January 2022, 12:00 amCreston Web Interface 1.0.0.2159 – Credential Disclosure
[local] WorkTime 10.20 Build 4967 – Unquoted Service Path
18 January 2022, 12:00 amWorkTime 10.20 Build 4967 – Unquoted Service Path
[webapps] Online Resort Management System 1.0 – SQLi (Authenticated)
18 January 2022, 12:00 amOnline Resort Management System 1.0 – SQLi (Authenticated)
[webapps] Hospitals Patient Records Management System 1.0 – 'room_types' Stored Cross Site Scripting (XSS)
13 January 2022, 12:00 amHospitals Patient Records Management System 1.0 – ‘room_types’ Stored Cross Site Scripting (XSS)
[webapps] Hospitals Patient Records Management System 1.0 – 'doctors' Stored Cross Site Scripting (XSS)
13 January 2022, 12:00 amHospitals Patient Records Management System 1.0 – ‘doctors’ Stored Cross Site Scripting (XSS)
[webapps] Hospitals Patient Records Management System 1.0 – 'room_list' Stored Cross Site Scripting (XSS)
13 January 2022, 12:00 amHospitals Patient Records Management System 1.0 – ‘room_list’ Stored Cross Site Scripting (XSS)
[webapps] SalonERP 3.0.1 – 'sql' SQL Injection (Authenticated)
13 January 2022, 12:00 amSalonERP 3.0.1 – ‘sql’ SQL Injection (Authenticated)
[webapps] Online Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated)
13 January 2022, 12:00 amOnline Diagnostic Lab Management System 1.0 – Account Takeover (Unauthenticated)
[webapps] Online Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS)
13 January 2022, 12:00 amOnline Diagnostic Lab Management System 1.0 – Stored Cross Site Scripting (XSS)
[webapps] Online Diagnostic Lab Management System 1.0 – SQL Injection (Unauthenticated)
13 January 2022, 12:00 amOnline Diagnostic Lab Management System 1.0 – SQL Injection (Unauthenticated)
[webapps] WordPress Core 5.8.2 – 'WP_Query' SQL Injection
13 January 2022, 12:00 amWordPress Core 5.8.2 – ‘WP_Query’ SQL Injection
[local] Microsoft Windows Defender – Detections Bypass
12 January 2022, 12:00 amMicrosoft Windows Defender – Detections Bypass
[webapps] WordPress Plugin Frontend Uploader 1.3.2 – Stored Cross Site Scripting (XSS) (Unauthenticated)
12 January 2022, 12:00 amWordPress Plugin Frontend Uploader 1.3.2 – Stored Cross Site Scripting (XSS) (Unauthenticated)
[local] Microsoft Windows .Reg File – Dialog Spoof / Mitigation Bypass
12 January 2022, 12:00 amMicrosoft Windows .Reg File – Dialog Spoof / Mitigation Bypass
[webapps] HTTP Commander 3.1.9 – Stored Cross Site Scripting (XSS)
10 January 2022, 12:00 amHTTP Commander 3.1.9 – Stored Cross Site Scripting (XSS)
[webapps] Open-AudIT Community 4.2.0 – Cross-Site Scripting (XSS) (Authenticated)
10 January 2022, 12:00 amOpen-AudIT Community 4.2.0 – Cross-Site Scripting (XSS) (Authenticated)
[webapps] Online Railway Reservation System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
10 January 2022, 12:00 amOnline Railway Reservation System 1.0 – Remote Code Execution (RCE) (Unauthenticated)
[webapps] Online Railway Reservation System 1.0 – 'id' SQL Injection (Unauthenticated)
10 January 2022, 12:00 amOnline Railway Reservation System 1.0 – ‘id’ SQL Injection (Unauthenticated)
[webapps] Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated)
10 January 2022, 12:00 amOnline Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated)
[webapps] Online Railway Reservation System 1.0 – 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)
10 January 2022, 12:00 amOnline Railway Reservation System 1.0 – ‘Multiple’ Stored Cross Site Scripting (XSS) (Unauthenticated)
[local] VUPlayer 2.49 – '.wax' Local Buffer Overflow (DEP Bypass)
10 January 2022, 12:00 amVUPlayer 2.49 – ‘.wax’ Local Buffer Overflow (DEP Bypass)
[remote] CoreFTP Server build 725 – Directory Traversal (Authenticated)
10 January 2022, 12:00 amCoreFTP Server build 725 – Directory Traversal (Authenticated)
[webapps] Online Veterinary Appointment System 1.0 – 'Multiple' SQL Injection
7 January 2022, 12:00 amOnline Veterinary Appointment System 1.0 – ‘Multiple’ SQL Injection
[webapps] openSIS Student Information System 8.0 – 'multiple' SQL Injection
5 January 2022, 12:00 amopenSIS Student Information System 8.0 – ‘multiple’ SQL Injection
[remote] TermTalk Server 3.24.0.2 – Arbitrary File Read (Unauthenticated)
5 January 2022, 12:00 amTermTalk Server 3.24.0.2 – Arbitrary File Read (Unauthenticated)
[remote] Dixell XWEB 500 – Arbitrary File Write
5 January 2022, 12:00 amDixell XWEB 500 – Arbitrary File Write
[webapps] Hospitals Patient Records Management System 1.0 – 'id' SQL Injection (Authenticated)
5 January 2022, 12:00 amHospitals Patient Records Management System 1.0 – ‘id’ SQL Injection (Authenticated)
[webapps] BeyondTrust Remote Support 6.0 – Reflected Cross-Site Scripting (XSS) (Unauthenticated)
5 January 2022, 12:00 amBeyondTrust Remote Support 6.0 – Reflected Cross-Site Scripting (XSS) (Unauthenticated)
[webapps] Virtual Airlines Manager 2.6.2 – 'multiple' SQL Injection
5 January 2022, 12:00 amVirtual Airlines Manager 2.6.2 – ‘multiple’ SQL Injection
[webapps] Vodafone H-500-s 3.5.10 – WiFi Password Disclosure
5 January 2022, 12:00 amVodafone H-500-s 3.5.10 – WiFi Password Disclosure
[webapps] Terramaster TOS 4.2.15 – Remote Code Execution (RCE) (Unauthenticated)
5 January 2022, 12:00 amTerramaster TOS 4.2.15 – Remote Code Execution (RCE) (Unauthenticated)
[webapps] WordPress Plugin AAWP 3.16 – 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
5 January 2022, 12:00 amWordPress Plugin AAWP 3.16 – ‘tab’ Reflected Cross Site Scripting (XSS) (Authenticated)
[local] TRIGONE Remote System Monitor 3.61 – Unquoted Service Path
5 January 2022, 12:00 amTRIGONE Remote System Monitor 3.61 – Unquoted Service Path
[local] Automox Agent 32 – Local Privilege Escalation
5 January 2022, 12:00 amAutomox Agent 32 – Local Privilege Escalation
[webapps] Hospitals Patient Records Management System 1.0 – Account TakeOver
5 January 2022, 12:00 amHospitals Patient Records Management System 1.0 – Account TakeOver
[webapps] Projeqtor v9.3.1 – Stored Cross Site Scripting (XSS)
5 January 2022, 12:00 amProjeqtor v9.3.1 – Stored Cross Site Scripting (XSS)
[remote] AWebServer GhostBuilding 18 – Denial of Service (DoS)
5 January 2022, 12:00 amAWebServer GhostBuilding 18 – Denial of Service (DoS)
[remote] Gerapy 0.9.7 – Remote Code Execution (RCE) (Authenticated)
5 January 2022, 12:00 amGerapy 0.9.7 – Remote Code Execution (RCE) (Authenticated)