Exploits Database

The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

TemaTres 3.0 – ‘value’ Persistent Cross-site Scripting
ASUS HM Com Service 1.00.31 – ‘asHMComSvc’ Unquoted Service Path
Lexmark Services Monitor 2.27.4.0.39 – Directory Traversal
Crystal Live HTTP Server 6.01 – Directory Traversal
Open Proficy HMI-SCADA 5.0.0.25920 – ‘Password’ Denial of Service (PoC)
NCP_Secure_Entry_Client 9.2 – Unquoted Service Paths
MobileGo 8.5.0 – Insecure File Permissions
Centova Cast 3.2.11 – Arbitrary File Download
TemaTres 3.0 – Cross-Site Request Forgery (Add Admin)
Foscam Video Management System 1.1.4.9 – ‘Username’ Denial of Service (PoC)
Emerson PAC Machine Edition 9.70 Build 8595 – ‘FxControlRuntime’ Unquoted Service Path
iSmartViewPro 1.3.34 – Denial of Service (PoC)
nipper-ng 0.11.10 – Remote Buffer Overflow (PoC)
Shrew Soft VPN Client 2.2.2 – ‘iked’ Unquoted Service Path
Siemens Desigo PX 6.00 – Denial of Service (PoC)
oXygen XML Editor 21.1.1 – XML External Entity Injection
Xfilesharing 2.5.1 – Arbitrary File Upload
FUDForum 3.0.9 – Remote Code Execution
Technicolor TD5130.2 – Remote Command Execution
Technicolor TC7300.B0 – ‘hostname’ Persistent Cross-Site Scripting
gSOAP 2.8 – Directory Traversal
Fastweb Fastgate 0.00.81 – Remote Code Execution
ScanGuard Antivirus 2020 – Insecure Folder Permissions
Linear eMerge E3 1.00-06 – Remote Code Execution
Joomla 3.9.13 – ‘Host’ Header Injection
Prima Access Control 2.3.35 – Arbitrary File Upload
Prima Access Control 2.3.35 – ‘HwName’ Persistent Cross-Site Scripting
eMerge E3 Access Controller 4.6.07 – Remote Code Execution
Atlassian Confluence 6.15.1 – Directory Traversal (Metasploit)
CBAS-Web 19.0.0 – Information Disclosure
CBAS-Web 19.0.0 – Remote Code Execution
Optergy 2.3.0a – Username Disclosure
Optergy 2.3.0a – Cross-Site Request Forgery (Add Admin)
RTK IIS Codec Service 6.4.10041.133 – ‘RtkI2SCodec’ Unquote Service Path
Optergy 2.3.0a – Remote Code Execution (Backdoor)
Adrenalin Core HCM 5.4.0 – ‘ReportID’ Reflected Cross-Site Scripting
FlexAir Access Control 2.3.35 – Authentication Bypass
Control Center PRO 6.2.9 – Local Stack Based Buffer Overflow (SEH)
CBAS-Web 19.0.0 – ‘id’ Boolean-based Blind SQL Injection
FlexAir Access Control 2.4.9api3 – Remote Code Execution
CBAS-Web 19.0.0 – Username Enumeration
Alps Pointing-device Controller 8.1202.1711.04 – ‘ApHidMonitorService’ Unquoted Service Path
CBAS-Web 19.0.0 – Cross-Site Request Forgery (Add Super Admin)
Optergy 2.3.0a – Remote Code Execution
eMerge E3 Access Controller 4.6.07 – Remote Code Execution (Metasploit)
eMerge E3 1.00-06 – ‘layout’ Reflected Cross-Site Scripting
eMerge50P 5000P 4.6.07 – Remote Code Execution
Bematech Printer MP-4200 – Denial of Service
eMerge E3 1.00-06 – Arbitrary File Upload
Wondershare Application Framework Service – “WsAppService” Unquote Service Path