Exploit Database

Exploit Description	Date
SOPlanning 1.52.01 (Simple Online Planning Tool) Exploit, Remote Code Execution (RCE) (Authenticated) WEBAPPS Author: ybersploi	2024/11/15
reNgine 2.2.0 Exploit, Command Injection (Authenticated) WEBAPPS Author: Caner Tercan	2024/10/01
openSIS 9.1 Exploit, SQLi (Authenticated) WEBAPPS Author: Devrim Dıragumandan	2024/10/01
dizqueTV 1.5.3 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Ahmed Said Saud Al-Busaidi	2024/10/01
NoteMark < 0.13.0 Exploit, Stored XSS WEBAPPS Author: Alessio Romano (sfoffo)	2024/08/28
Gitea 1.22.0 Exploit, Stored XSS WEBAPPS Author: Catalin Iovita_ Alexandru Postolache	2024/08/28
Invesalius3 Exploit, Remote Code Execution WEBAPPS Author: Alessio Romano (sfoffo)_ Riccardo Degli Esposti (partywave)	2024/08/28
Windows TCP/IP Exploit, RCE Checker and Denial of Service DOS Author: hotubia	2024/08/28
Aurba 501 Exploit, Authenticated RCE WEBAPPS Author: Hosein Vita	2024/08/24
HughesNet HT2000W Satellite Modem Exploit, Password Reset WEBAPPS Author: Simon Greenblatt	2024/08/24
Elber Wayber Analog/Digital Audio STL 4.00 Exploit, Device Config Disclosure WEBAPPS Author: iquidWor	2024/08/24
Elber Wayber Analog/Digital Audio STL 4.00 Exploit, Authentication Bypass WEBAPPS Author: iquidWor	2024/08/24
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Exploit, Device Config WEBAPPS Author: iquidWor	2024/08/24
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Exploit, Authentication Bypass WEBAPPS Author: iquidWor	2024/08/24
Helpdeskz v2.0.2 Exploit, Stored XSS WEBAPPS Author: Md. Sadikul Islam	2024/08/23
Calibre-web 0.6.21 Exploit, Stored XSS WEBAPPS Author: Catalin Iovita_ Alexandru Postolache	2024/08/23
Devika v1 Exploit, Path Traversal via 'snapshot_path' WEBAPPS Author: Alperen Ergel	2024/08/04
Genexus Protection Server 9.7.2.10 Exploit, 'protsrvservice' Unquoted Service Path LOCAL Author: amAlucar	2024/08/04
SolarWinds Kiwi Syslog Server 9.6.7.1 Exploit, Unquoted Service Path LOCAL Author: Milad karimi	2024/08/04
Oracle Database 12c Release 1 Exploit, Unquoted Service Path LOCAL Author: Milad karimi	2024/08/04
Ivanti vADC 9.9 Exploit, Authentication Bypass WEBAPPS Author: hnoisploite	2024/08/04
Bonjour Service 'mDNSResponder.exe' Exploit, Unquoted Service Path Privilege Escalation LOCAL Author: io	2024/07/16
Xhibiter NFT Marketplace 1.10.2 Exploit, SQL Injection WEBAPPS Author: Sohel Yousef	2024/07/01
Azon Dominator Affiliate Marketing Script Exploit, SQL Injection WEBAPPS Author: Buğra Enis Dönmez	2024/07/01
Microweber 2.0.15 Exploit, Stored XSS WEBAPPS Author: mrswr	2024/07/01
Customer Support System 1.0 Exploit, Stored XSS WEBAPPS Author: Geraldo Alcantara	2024/07/01
Automad 2.0.0-alpha.4 Exploit, Stored Cross-Site Scripting (XSS) WEBAPPS Author: Jerry Thomas	2024/06/26
SolarWinds Platform 2024.1 SR1 Exploit, Race Condition WEBAPPS Author: Elhussain Fathy	2024/06/26
Flatboard 3.2 Exploit, Stored Cross-Site Scripting (XSS) (Authenticated) WEBAPPS Author: mrswr	2024/06/26
Poultry Farm Management System v1.0 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Jerry Thomas	2024/06/26
Boelter Blue System Management 1.3 Exploit, SQL Injection WEBAPPS Author: BK	2024/06/14
Rebar3 3.13.2 Exploit, Command Injection WEBAPPS Author: b3rsic	2024/06/14
ZwiiCMS 12.2.04 Exploit, Remote Code Execution (Authenticated) WEBAPPS Author: b3rsic	2024/06/14
Zyxel IKE Packet Decoder Exploit, Unauthenticated Remote Code Execution (Metasploit) REMOTE Author: b3rsic	2024/06/14
WP-UserOnline 2.88.0 Exploit, Stored Cross Site Scripting (XSS) (Authenticated) WEBAPPS Author: Onur Göğebakan	2024/06/14
PHP < 8.3.8 Exploit, Remote Code Execution (Unauthenticated) (Windows) WEBAPPS Author: Yesith Alvarez	2024/06/14
AEGON LIFE v1.0 Life Insurance Management System Exploit, SQL injection vulnerability. WEBAPPS Author: Aslam Anwar Mahimkar	2024/06/14
AEGON LIFE v1.0 Life Insurance Management System Exploit, Unauthenticated Remote Code Execution (RCE) WEBAPPS Author: Aslam Anwar Mahimkar	2024/06/14
XMB 1.9.12.06 Exploit, Stored XSS WEBAPPS Author: Chokri Hammedi	2024/06/14
Carbon Forum 5.9.0 Exploit, Stored XSS WEBAPPS Author: Chokri Hammedi	2024/06/14
AEGON LIFE v1.0 Life Insurance Management System Exploit, Stored cross-site scripting (XSS) WEBAPPS Author: Aslam Anwar Mahimkar	2024/06/14
appRain CMF 4.0.5 Exploit, Remote Code Execution (RCE) (Authenticated) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/06/03
CMSimple 5.15 Exploit, Remote Code Execution (RCE) (Authenticated) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/06/03
WBCE CMS v1.6.2 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/06/03
Monstra CMS 3.0.4 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/06/03
Dotclear 2.29 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/06/03
Serendipity 2.5.0 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/06/03
Sitefinity 15.0 Exploit, Cross-Site Scripting (XSS) WEBAPPS Author: Aldi Saputra Wahyudi	2024/06/03
Craft CMS Logs Plugin 3.0.3 Exploit, Path Traversal (Authenticated) WEBAPPS Author: b3rsic	2024/06/01
ASUS ASMB8 iKVM 1.14.51 Exploit, Remote Code Execution (RCE) & SSH Access REMOTE Author: b3rsic	2024/06/01
Wipro Holmes Orchestrator 20.4.1 Exploit, Log File Disclosure REMOTE Author: b3rsic	2024/06/01
FreePBX 16 Exploit, Remote Code Execution (RCE) (Authenticated) WEBAPPS Author: Cold z3ro	2024/06/01
Akaunting 3.1.8 Exploit, Server-Side Template Injection (SSTI) WEBAPPS Author: mrswr	2024/06/01
Check Point Security Gateway Exploit, Information Disclosure (Unauthenticated) WEBAPPS Author: Yesith Alvarez	2024/05/31
Aquatronica Control System 5.1.6 Exploit, Information Disclosure WEBAPPS Author: iquidWor	2024/05/31
changedetection < 0.45.20 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Zach Crosman (zcrosman)	2024/05/31
ElkArte Forum 1.1.9 Exploit, Remote Code Execution (RCE) (Authenticated) WEBAPPS Author: mrswr	2024/05/31
iMLog < 1.307 Exploit, Persistent Cross Site Scripting (XSS) WEBAPPS Author: Gabriel Felipe	2024/05/31
BWL Advanced FAQ Manager 2.0.3 Exploit, Authenticated SQL Injection WEBAPPS Author: Ivan Spiridonov	2024/05/31
htmlLawed 1.2.5 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Miguel Redondo	2024/05/19
PopojiCMS 2.0.1 Exploit, Remote Command Execution (RCE) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/05/19
Backdrop CMS 1.27.1 Exploit, Remote Command Execution (RCE) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/05/19
Apache OFBiz 18.12.12 Exploit, Directory Traversal WEBAPPS Author: Abdualhadi khalifa	2024/05/19
Wordpress Theme XStore 9.3.8 Exploit, SQLi WEBAPPS Author: Abdualhadi khalifa	2024/05/19
Rocket LMS 1.9 Exploit, Persistent Cross Site Scripting (XSS) WEBAPPS Author: Sergio Medeiros	2024/05/19
Prison Management System Exploit, SQL Injection Authentication Bypass WEBAPPS Author: Sanjay Singh	2024/05/13
PyroCMS v3.0.1 Exploit, Stored XSS WEBAPPS Author: mrswr	2024/05/13
CE Phoenix Version 1.0.8.20 Exploit, Stored XSS WEBAPPS Author: mrswr	2024/05/13
Leafpub 1.1.9 Exploit, Stored Cross-Site Scripting (XSS) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/05/13
Chyrp 2.5.2 Exploit, Stored Cross-Site Scripting (XSS) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/05/13
CrushFTP < 11.1.0 Exploit, Directory Traversal REMOTE Author: Abdualhadi khalifa	2024/05/13
Plantronics Hub 3.25.1 Exploit, Arbitrary File Read LOCAL Author: Alaa Kachouh	2024/05/13
Apache mod_proxy_cluster Exploit, Stored XSS WEBAPPS Author: Mohamed Mounir Boudjema	2024/05/13
iboss Secure Web Gateway Exploit, Stored Cross-Site Scripting (XSS) WEBAPPS Author: odrnProph3	2024/05/08
Clinic Queuing System 1.0 Exploit, RCE WEBAPPS Author: Juan Marco Sanchez	2024/05/08
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Exploit, Device Config Disclosure WEBAPPS Author: iquidWor	2024/05/04
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Exploit, Authentication Bypass WEBAPPS Author: iquidWor	2024/05/04
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Exploit, Device Config Disclosure WEBAPPS Author: iquidWor	2024/05/04
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Exploit, Authentication Bypass WEBAPPS Author: iquidWor	2024/05/04
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Exploit, Device Config Disclosure WEBAPPS Author: iquidWor	2024/05/04
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Exploit, Authentication Bypass WEBAPPS Author: iquidWor	2024/05/04
Flowise 1.6.5 Exploit, Authentication Bypass WEBAPPS Author: Maerifat Majeed	2024/04/21
Laravel Framework 11 Exploit, Credential Leakage WEBAPPS Author: Huseein Amer	2024/04/21
SofaWiki 3.9.2 Exploit, Remote Command Execution (RCE) (Authenticated) WEBAPPS Author: Ahmet Ümit BAYRAM	2024/04/21
Wordpress Plugin Background Image Cropper v1.2 Exploit, Remote Code Execution WEBAPPS Author: Milad karimi	2024/04/21
FlatPress v1.3 Exploit, Remote Command Execution WEBAPPS Author: Ahmet Ümit BAYRAM	2024/04/21
Palo Alto PAN-OS < v11.1.2-h3 Exploit, Command Injection and Arbitrary File Creation REMOTE Author: r0f	2024/04/21
OpenClinic GA 5.247.01 Exploit, Path Traversal (Authenticated) WEBAPPS Author:	2024/04/15
OpenClinic GA 5.247.01 Exploit, Information Disclosure WEBAPPS Author:	2024/04/15
Jenkins 2.441 Exploit, Local File Inclusion WEBAPPS Author: Matisse Beckandt	2024/04/15
djangorestframework-simplejwt 5.3.1 Exploit, Information Disclosure WEBAPPS Author: Dhrumil Mistry	2024/04/15
BMC Compuware iStrobe Web Exploit, 20.13 Exploit, Pre-auth RCE WEBAPPS Author: ranca	2024/04/13
Stock Management System v1.0 Exploit, Unauthenticated SQL Injection WEBAPPS Author: lu3min	2024/04/13
Online Fire Reporting System OFRS Exploit, SQL Injection Authentication Bypass WEBAPPS Author: Diyar Saadi	2024/04/13
Savsoft Quiz v6.0 Enterprise Exploit, Stored XSS WEBAPPS Author: Eren Sen	2024/04/13
Wordpress Plugin WP Video Playlist 1.1.1 Exploit, Stored Cross-Site Scripting (XSS) WEBAPPS Author: rdemsta	2024/04/12
WBCE CMS Version 1.6.1 Exploit, Remote Command Execution (Authenticated) WEBAPPS Author: mrswr	2024/04/12
WBCE 1.6.0 Exploit, Unauthenticated SQL injection WEBAPPS Author: young pope	2024/04/12
Moodle 3.10.1 Exploit, Authenticated Blind Time-Based SQL Injection Exploit, _sort_ parameter WEBAPPS Author: Julio Ángel Ferrari	2024/04/12
PrusaSlicer 2.6.1 Exploit, Arbitrary code execution LOCAL Author: Kamil Breński	2024/04/12

SOPlanning 1.52.01 (Simple Online Planning Tool) Exploit, Remote Code Execution (RCE) (Authenticated)
WEBAPPS Author: ybersploi

2024/11/15

reNgine 2.2.0 Exploit, Command Injection (Authenticated)
WEBAPPS Author: Caner Tercan

2024/10/01

openSIS 9.1 Exploit, SQLi (Authenticated)
WEBAPPS Author: Devrim Dıragumandan

2024/10/01

dizqueTV 1.5.3 Exploit, Remote Code Execution (RCE)
WEBAPPS Author: Ahmed Said Saud Al-Busaidi

2024/10/01

NoteMark < 0.13.0 Exploit, Stored XSS
WEBAPPS Author: Alessio Romano (sfoffo)

2024/08/28

Gitea 1.22.0 Exploit, Stored XSS
WEBAPPS Author: Catalin Iovita_ Alexandru Postolache

2024/08/28