Exploit Database

Exploit Description	Date
WordPress Plugin DZS Zoomsounds 6.45 Exploit, Arbitrary File Read (Unauthenticated) WEBAPPS Author: Uriel Yochpaz	2021/12/02
WordPress Plugin Slider by Soliloquy 2.6.2 Exploit, 'title' Stored Cross Site Scripting (XSS) (Authenticated) WEBAPPS Author: Abdurrahman Erkan	2021/12/02
Online Magazine Management System 1.0 Exploit, SQLi Authentication Bypass WEBAPPS Author: Mohamed habib Smidi	2021/12/01
Online Pre-owned/Used Car Showroom Management System 1.0 Exploit, SQLi Authentication Bypass WEBAPPS Author: Mohamed habib Smidi	2021/12/01
Laundry Booking Management System 1.0 Exploit, Remote Code Execution (RCE) WEBAPPS Author: Pablo Santiago	2021/11/29
opencart 3.0.3.8 Exploit, Sessjion Injection WEBAPPS Author: Hubert Wojciechowski	2021/11/28
orangescrum 1.8.0 Exploit, 'Multiple' Cross-Site Scripting (XSS) (Authenticated) WEBAPPS Author: Hubert Wojciechowski	2021/11/28
orangescrum 1.8.0 Exploit, 'Multiple' SQL Injection (Authenticated) WEBAPPS Author: Hubert Wojciechowski	2021/11/28
HTTPDebuggerPro 9.11 Exploit, Unquoted Service Path LOCAL Author: Aryan Chehreghani	2021/11/23
Bus Pass Management System 1.0 Exploit, 'Search' SQL injection WEBAPPS Author: Abhijeet Singh	2021/11/23
Webrun 3.6.0.42 Exploit, 'P_0' SQL Injection WEBAPPS Author: Vinicius Alves	2021/11/23
Wordpress Plugin WP Guppy 1.1 Exploit, WP-JSON API Sensitive Information Disclosure WEBAPPS Author: Keyvan Hardani	2021/11/22
FLEX 1085 Web 1.6.0 Exploit, HTML Injection WEBAPPS Author: Mr Empy	2021/11/21
GNU gdbserver 9.2 Exploit, Remote Command Execution (RCE) REMOTE Author: Roberto Gesteira Miñarro	2021/11/21
Aimeos Laravel ecommerce platform 2021.10 LTS Exploit, 'sort' SQL injection WEBAPPS Author: Ilker Burak ADIYAMAN	2021/11/20
Wordpress Plugin Smart Product Review 1.0.4 Exploit, Arbitrary File Upload WEBAPPS Author: Keyvan Hardani	2021/11/16
CMDBuild 3.3.2 Exploit, 'Multiple' Cross Site Scripting (XSS) WEBAPPS Author: Hosein Vita	2021/11/15
Online Learning System 2.0 Exploit, Remote Code Execution (RCE) WEBAPPS Author: jebbarano	2021/11/15
PHP Laravel 8.70.1 Exploit, Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF) WEBAPPS Author: Hosein Vita	2021/11/14
WordPress Plugin AccessPress Social Icons 1.8.2 Exploit, 'icon title' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Murat DEMİRCİ	2021/11/13
WordPress Plugin Contact Form to Email 1.3.24 Exploit, Stored Cross Site Scripting (XSS) (Authenticated) WEBAPPS Author: Mohammed Aadhil Ashfaq	2021/11/11
Mumara Classic 2.93 Exploit, 'license' SQL Injection (Unauthenticated) WEBAPPS Author: Shain Lakin	2021/11/11
Windows MultiPoint Server 2011 SP1 Exploit, RpcEptMapper and Dnschade Local Privilege Escalation LOCAL Author: Marcio Mendes	2021/11/11
WordPress Plugin WP Symposium Pro 2021.10 Exploit, 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Murat DEMİRCİ	2021/11/11
Apache HTTP Server 2.4.50 Exploit, Remote Code Execution (RCE) (3) WEBAPPS Author: Valentin Lobstein	2021/11/11
KONGA 0.14.9 Exploit, Privilege Escalation WEBAPPS Author: Fabricio Salomao	2021/11/10
FormaLMS 2.4.4 Exploit, Authentication Bypass WEBAPPS Author: Cristian \'void\' Giustini	2021/11/10
Employee and Visitor Gate Pass Logging System 1.0 Exploit, 'name' Stored Cross-Site Scripting (XSS) WEBAPPS Author: İlhami Selamet	2021/11/10
Employee Daily Task Management System 1.0 Exploit, 'Name' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Ragavender A G	2021/11/09
Money Transfer Management System 1.0 Exploit, Authentication Bypass WEBAPPS Author: Aryan Chehreghani	2021/11/07
Froxlor 0.10.29.1 Exploit, SQL Injection (Authenticated) WEBAPPS Author: Martin Cernac	2021/11/05
Kmaleon 1.1.0.205 Exploit, 'tipocomb' SQL Injection (Authenticated) WEBAPPS Author: Amel BOUZIANE-LEBLOND	2021/11/05
Simple Client Management System 1.0 Exploit, 'multiple' Stored Cross-Site Scripting (XSS) WEBAPPS Author: entinal92	2021/11/05
Simple Client Management System 1.0 Exploit, SQLi (Authentication Bypass) WEBAPPS Author: entinal92	2021/11/05
ImportExportTools NG 10.0.4 Exploit, HTML Injection WEBAPPS Author: ulnerability-La	2021/11/05
Payment Terminal 3.1 Exploit, 'Multiple' Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/11/05
10-Strike Network Inventory Explorer Pro 9.31 Exploit, 'srvInventoryWebServer' Unquoted Service Path LOCAL Author: Brian Rodriguez	2021/11/04
Opencart 3 Extension TMD Vendor System Exploit, Blind SQL Injection WEBAPPS Author: Muhammad Zaki Sulistya	2021/11/03
OpenAM 13.0 Exploit, LDAP Injection WEBAPPS Author: Charlton Trezevant	2021/11/03
WordPress Plugin Popup Anything 2.0.3 Exploit, 'Multiple' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Luca Schembri	2021/11/03
Eclipse Jetty 11.0.5 Exploit, Sensitive File Disclosure WEBAPPS Author: Mayank Deshmukh	2021/11/03
Fuel CMS 1.4.1 Exploit, Remote Code Execution (3) WEBAPPS Author: Padsala Trushal	2021/11/03
YouTube Video Grabber 1.9.9.1 Exploit, Buffer Overflow (SEH) LOCAL Author: tresse	2021/11/01
10-Strike Network Inventory Explorer Pro 9.31 Exploit, Buffer Overflow (SEH) LOCAL Author: o0	2021/10/31
Kingdia CD Extractor 3.0.2 Exploit, Buffer Overflow (SEH) LOCAL Author: tresse	2021/10/31
Employee Record Management System 1.2 Exploit, 'empid' SQL injection (Unauthenticated) WEBAPPS Author: Anubhav Singh	2021/10/31
Dynojet Power Core 2.3.0 Exploit, Unquoted Service Path LOCAL Author: Pedro Sousa Rodrigues	2021/10/30
WordPress Plugin Hotel Listing 3 Exploit, 'Multiple' Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/28
PHPJabbers Simple CMS 5 Exploit, 'name' Persistent Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/28
i3 International Annexxus Cameras Ax-n 5.2.0 Exploit, Application Logic Flaw WEBAPPS Author: iquidWor	2021/10/27
PHPGurukul Hostel Management System 2.1 Exploit, Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) WEBAPPS Author: Anubhav Singh	2021/10/27
Ultimate POS 4.4 Exploit, 'name' Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/26
Vanguard 2.1 Exploit, 'Search' Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/26
WordPress Plugin Ninja Tables 4.1.7 Exploit, Stored Cross-Site Scripting (XSS) WEBAPPS Author: Akash Patil	2021/10/25
WordPress Plugin Media-Tags 3.2.0.2 Exploit, Stored Cross-Site Scripting (XSS) WEBAPPS Author: Akash Patil	2021/10/25
Balbooa Joomla Forms Builder 2.0.6 Exploit, SQL Injection (Unauthenticated) WEBAPPS Author: lockomat210	2021/10/24
Build Smart ERP 21.0817 Exploit, 'eidValue' SQL Injection (Unauthenticated) WEBAPPS Author: Nehru Sethuraman	2021/10/24
Netgear Genie 2.4.64 Exploit, Unquoted Service Path LOCAL Author: Mert Daş	2021/10/23
WordPress Plugin TaxoPress 3.0.7.1 Exploit, Stored Cross-Site Scripting (XSS) (Authenticated) WEBAPPS Author: Akash Patil	2021/10/23
Isshue Shopping Cart 3.5 Exploit, 'Title' Cross Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/22
Mult-e-Cart Ultimate 2.4 Exploit, 'id' SQL Injection WEBAPPS Author: ulnerability-La	2021/10/22
Engineers Online Portal 1.0 Exploit, 'id' SQL Injection WEBAPPS Author: Alon Leviev	2021/10/22
Engineers Online Portal 1.0 Exploit, 'multiple' Authentication Bypass WEBAPPS Author: Alon Leviev	2021/10/22
Engineers Online Portal 1.0 Exploit, 'multiple' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Alon Leviev	2021/10/22
Online Event Booking and Reservation System 1.0 Exploit, 'reason' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Alon Leviev	2021/10/22
PHP Melody 3.0 Exploit, Persistent Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/21
Online Course Registration 1.0 Exploit, Blind Boolean-Based SQL Injection (Authenticated) WEBAPPS Author: Sam Ferguson	2021/10/21
Jetty 9.4.37.v20210219 Exploit, Information Disclosure WEBAPPS Author: Mayank Deshmukh	2021/10/21
PHP Melody 3.0 Exploit, 'vid' SQL Injection WEBAPPS Author: ulnerability-La	2021/10/20
PHP Melody 3.0 Exploit, 'Multiple' Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/20
Small CRM 3.0 Exploit, 'description' Stored Cross-Site Scripting (XSS) WEBAPPS Author: hulie	2021/10/20
Macro Expert 4.7 Exploit, Unquoted Service Path LOCAL Author: Mert Daş	2021/10/20
Bludit 3.13.1 Exploit, 'username' Cross Site Scripting (XSS) WEBAPPS Author: as	2021/10/19
Simplephpscripts Simple CMS 2.1 Exploit, 'Multiple' SQL Injection WEBAPPS Author: ulnerability-La	2021/10/19
Simplephpscripts Simple CMS 2.1 Exploit, 'Multiple' Stored Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/19
Sonicwall SonicOS 6.5.4 Exploit, 'Common Name' Cross-Site Scripting (XSS) WEBAPPS Author: ulnerability-La	2021/10/18
RDP Manager 4.9.9.3 Exploit, Denial-of-Service (PoC) LOCAL Author: ulnerability-La	2021/10/18
Dolibarr ERP-CRM 14.0.2 Exploit, Stored Cross-Site Scripting (XSS) / Privilege Escalation WEBAPPS Author: Oscar Gil Gutierrez	2021/10/18
WordPress Theme Enfold 4.8.3 Exploit, Reflected Cross-Site Scripting (XSS) WEBAPPS Author: David Álvarez Robles	2021/10/18
Plastic SCM 10.0.16.5622 Exploit, WebAdmin Server Access WEBAPPS Author: Basavaraj Banakar	2021/10/18
Company's Recruitment Management System 1.0 Exploit, 'Add New user' Cross-Site Request Forgery (CSRF) WEBAPPS Author: Aniket Deshmane	2021/10/18
Company's Recruitment Management System 1.0 Exploit, 'description' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Aniket Deshmane	2021/10/18
Company's Recruitment Management System 1.0. Exploit, 'title' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Aniket Deshmane	2021/10/17
Gurock Testrail 7.2.0.3014 Exploit, 'files.md5' Improper Access Control WEBAPPS Author: Sick Codes	2021/10/16
Pharmacy Point of Sale System 1.0 Exploit, 'Add New User' Cross-Site Request Forgery (CSRF) WEBAPPS Author: Murat DEMİRCİ	2021/10/16
Support Board 3.3.4 Exploit, 'Message' Stored Cross-Site Scripting (XSS) WEBAPPS Author: John Jefferson Li	2021/10/16
SolarWinds Kiwi CatTools 3.11.8 Exploit, Unquoted Service Path LOCAL Author: Mert Daş	2021/10/14
Logitech Media Server 8.2.0 Exploit, 'Title' Cross-Site Scripting (XSS) WEBAPPS Author: Mert Daş	2021/10/12
YeaLink SIP-TXXXP 53.84.0.15 Exploit, 'cmd' Command Injection (Authenticated) WEBAPPS Author: ahaafaroo	2021/10/11
Easy Chat Server 3.1 Exploit, Directory Traversal and Arbitrary File Read WEBAPPS Author: 4nd3	2021/10/11
Student Quarterly Grading System 1.0 Exploit, 'grade' Stored Cross-Site Scripting (XSS) WEBAPPS Author: Hüseyin Serkan Balkanli	2021/10/11
Simple Issue Tracker System 1.0 Exploit, SQLi Authentication Bypass WEBAPPS Author: Bekir Bugra TURKOGLU	2021/10/11
Online Learning System 2.0 Exploit, 'Multiple' SQLi Authentication Bypass WEBAPPS Author: lackha	2021/10/11
Keycloak 12.0.1 Exploit, 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) WEBAPPS Author: Mayank Deshmukh	2021/10/09
Company's Recruitment Management System 1.0 Exploit, 'Multiple' SQL Injection (Unauthenticated) WEBAPPS Author: Yash Mahajan	2021/10/09
Simple Payroll System 1.0 Exploit, SQLi Authentication Bypass WEBAPPS Author: Yash Mahajan	2021/10/09
Loan Management System 1.0 Exploit, SQLi Authentication Bypass WEBAPPS Author: Merve Oral	2021/10/08
Online Employees Work From Home Attendance System 1.0 Exploit, SQLi Authentication Bypass WEBAPPS Author: Merve Oral	2021/10/08
WordPress Plugin Pie Register 3.7.1.4 Exploit, Admin Privilege Escalation (Unauthenticated) WEBAPPS Author: otfi13-D	2021/10/08
orangescrum 1.8.0 Exploit, Privilege escalation (Authenticated) WEBAPPS Author: Hubert Wojciechowski	2021/10/07

WordPress Plugin DZS Zoomsounds 6.45 Exploit, Arbitrary File Read (Unauthenticated)
WEBAPPS Author: Uriel Yochpaz

2021/12/02

WordPress Plugin Slider by Soliloquy 2.6.2 Exploit, 'title' Stored Cross Site Scripting (XSS) (Authenticated)
WEBAPPS Author: Abdurrahman Erkan

2021/12/02

Online Magazine Management System 1.0 Exploit, SQLi Authentication Bypass
WEBAPPS Author: Mohamed habib Smidi

2021/12/01

Online Pre-owned/Used Car Showroom Management System 1.0 Exploit, SQLi Authentication Bypass
WEBAPPS Author: Mohamed habib Smidi

2021/12/01

Laundry Booking Management System 1.0 Exploit, Remote Code Execution (RCE)
WEBAPPS Author: Pablo Santiago

2021/11/29

opencart 3.0.3.8 Exploit, Sessjion Injection
WEBAPPS Author: Hubert Wojciechowski

2021/11/28