Exploits Database

The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

SpotFTP-FTP Password Recover 2.4.8 – Denial of Service (PoC)
Magento WooCommerce CardGate Payment Gateway 2.0.30 – Payment Process Bypass
aSc TimeTables 2020.11.4 – Denial of Service (PoC)
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 – Payment Process Bypass
Odin Secure FTP Expert 7.6.3 – Denial of Service (PoC)
ManageEngine EventLog Analyzer 10.0 – Information Disclosure
Go SSH servers 0.0.2 – Denial of Service (PoC)
Real Web Pentesting Tutorial Step by Step – [Persian]
SecuSTATION IPCAM-130 HD Camera – Remote Configuration Disclosure
CandidATS 2.1.0 – Cross-Site Request Forgery (Add Admin)
SecuSTATION SC-831 HD Camera – Remote Configuration Disclosure
Android Binder – Use-After-Free (Metasploit)
Apache James Server 2.3.2 – Insecure User Creation Arbitrary File Write (Metasploit)
Diamorphine Rootkit – Signal Privilege Escalation (Metasploit)
I6032B-P POE 2.0MP Outdoor Camera – Remote Configuration Disclosure
ATutor 2.2.4 – ‘id’ SQL Injection
Cacti 1.2.8 – Remote Code Execution
AMSS++ 4.7 – Backdoor Admin Account
Aptina AR0130 960P 1.3MP Camera – Remote Configuration Disclosure
Quick N Easy Web Server 3.3.8 – Denial of Service (PoC)
DotNetNuke 9.5 – File Upload Restrictions Bypass
AMSS++ v 4.31 – ‘id’ SQL Injection
DotNetNuke 9.5 – Persistent Cross-Site Scripting
ESCAM QD-900 WIFI HD Camera – Remote Configuration Disclosure
eLection 2.0 – ‘id’ SQL Injection
Avaya IP Office Application Server 11.0.0.0 – Reflective Cross-Site Scripting
Core FTP Lite 1.3 – Denial of Service (PoC)
Easy2Pilot 7 – Cross-Site Request Forgery (Add User)
Virtual Freer 1.58 – Remote Command Execution
DBPower C300 HD Camera – Remote Configuration Disclosure
Nanometrics Centaur 4.3.23 – Unauthenticated Remote Memory Leak
MSI Packages Symbolic Links Processing – Windows 10 Privilege Escalation
DHCP Turbo 4.61298 – ‘DHCP Turbo 4’ Unquoted Service Path
WordPress Theme Fruitful 3.8 – Persistent Cross-Site Scripting
TFTP Turbo 4.6.1273 – ‘TFTP Turbo 4’ Unquoted Service Path
SOPlanning 1.45 – ‘by’ SQL Injection
WordPress Plugin Strong Testimonials 2.40.1 – Persistent Cross-Site Scripting
SOPlanning 1.45 – ‘users’ SQL Injection
LabVantage 8.3 – Information Disclosure
Anviz CrossChex – Buffer Overflow (Metasploit)
BOOTP Turbo 2.0.1214 – ‘BOOTP Turbo’ Unquoted Service Path
Avaya Aura Communication Manager 5.2 – Remote Code Execution
Cuckoo Clock v5.0 – Buffer Overflow
HP System Event 1.2.9.0 – ‘HPWMISVC’ Unquoted Service Path
SOPlanning 1.45 – Cross-Site Request Forgery (Add User)
Ice HRM 26.2.0 – Cross-Site Request Forgery (Add User)
EPSON EasyMP Network Projection 2.81 – ‘EMP_NSWLSV’ Unquoted Service Path
SprintWork 2.3.1 – Local Privilege Escalation
PHP 7.0 < 7.4 (Unix) – ‘debug_backtrace’ disable_functions Bypass
Windows Kernel – Information Disclosure