Exploits Database

The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

SAP Lumira 1.31 – Stored Cross-Site Scripting
Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 – Remote Code Execution
WonderCMS 3.1.3 – ‘uploadFile’ Stored Cross-Site Scripting
Acronis Cyber Backup 12.5 Build 16341 – Unauthenticated SSRF
Laravel Administrator 4 – Unrestricted File Upload (Authenticated)
WordPress Theme Accesspress Social Icons 1.7.9 – SQL injection (Authenticated)
Moodle 3.8 – Unrestricted File Upload
Foxit Reader 9.0.1.1049 – Arbitrary Code Execution
House Rental 1.0 – ‘keywords’ SQL Injection
libupnp 1.6.18 – Stack-based buffer overflow (DoS)
ElkarBackup 1.3.3 – ‘Policy[name]’ and ‘Policy[Description]’ Stored Cross-site Scripting
WordPress Theme Wibar 1.1.8 – ‘Brand Component’ Stored Cross Site Scripting
Best Support System 3.0.4 – ‘ticket_body’ Persistent XSS (Authenticated)
Pure-FTPd 1.0.48 – Remote Denial of Service
Razer Chroma SDK Server 3.16.02 – Race Condition Remote File Execution
Wondershare Driver Install Service help 10.7.1.321 – ‘ElevationService’ Unquote Service Path
WonderCMS 3.1.3 – ‘page’ Persistent Cross-Site Scripting
osCommerce 2.3.4.1 – ‘title’ Persistent Cross-Site Scripting
SyncBreeze 10.0.28 – ‘password’ Remote Buffer Overflow
Apache OpenMeetings 5.0.0 – ‘hostname’ Denial of Service
ZeroShell 3.9.0 – ‘cgi-bin/kerbynet’ Remote Root Command Injection (Metasploit)
Seowon 130-SLC router 1.0.11 – ‘ipAddr’ RCE (Authenticated)
OpenCart 3.0.3.6 – ‘Profile Image’ Stored Cross-Site Scripting (Authenticated)
OpenCart 3.0.3.6 – ‘subject’ Stored Cross-Site Scripting
docPrint Pro 8.0 – ‘Add URL’ Buffer Overflow (SEH Egghunter)
nopCommerce Store 4.30 – ‘name’ Stored Cross-Site Scripting
Boxoft Audio Converter 2.3.0 – ‘.wav’ Buffer Overflow (SEH)
LifeRay 7.2.1 GA2 – Stored XSS
VTiger v7.0 CRM – ‘To’ Persistent XSS
TP-Link TL-WA855RE V5_200415 – Device Reset Auth Bypass
Zortam Mp3 Media Studio 27.60 – Remote Code Execution (SEH)
WonderCMS 3.1.3 – ‘content’ Persistent Cross-Site Scripting
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 – ‘id’ Field Stack Based Buffer Overflow
Free MP3 CD Ripper 2.8 – Multiple File Buffer Overflow (Metasploit)
Boxoft Convert Master 1.3.0 – ‘wav’ SEH Local Exploit
TestBox CFML Test Framework 4.1.0 – Arbitrary File Write and Remote Code Execution
TestBox CFML Test Framework 4.1.0 – Directory Traversal
Gemtek WVRTM-127ACN 01.01.02.141 – Authenticated Arbitrary Command Injection
M/Monit 3.7.4 – Password Disclosure
PESCMS TEAM 2.3.2 – Multiple Reflected XSS
Fortinet FortiOS 6.0.4 – Unauthenticated SSL VPN User Password Modification
Gitlab 12.9.0 – Arbitrary File Read (Authenticated)
Genexis Platinum 4410 Router 2.1 – UPnP Credential Exposure
Internet Download Manager 6.38.12 – Scheduler Downloads Scheduler Buffer Overflow (PoC)
xuucms 3 – ‘keywords’ SQL Injection
Nagios Log Server 2.1.7 – Persistent Cross-Site Scripting
M/Monit 3.7.4 – Privilege Escalation
BigBlueButton 2.2.25 – Arbitrary File Disclosure and Server-Side Request Forgery
WordPress Plugin WPForms 1.6.3.1 – Persistent Cross Site Scripting (Authenticated)
ZeroLogon – Netlogon Elevation of Privilege