Title | Type | Platform
reNgine 2.2.0 - Command Injection (Authenticated) | WebApps | Multiple
NoteMark < 0.13.0 - Stored XSS | WebApps | Multiple
Gitea 1.22.0 - Stored XSS | WebApps | Multiple
101 News 1.0 - Multiple-SQLi | WebApps | Multiple
Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read | WebApps | Multiple
Atlassian Confluence < 8.5.3 - Remote Code Execution | WebApps | Multiple
Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit) | WebApps | Multiple
Best Student Result Management System v1.0 - Multiple SQLi | WebApps | Multiple
Blood Bank v1.0 - Multiple SQL Injection | WebApps | Multiple
Broken Access Control - on NodeBB v3.6.7 | WebApps | Multiple
changedetection < 0.45.20 - Remote Code Execution (RCE) | WebApps | Multiple
Computer Laboratory Management System v1.0 - Multiple-SQLi | WebApps | Multiple
CVE-2023-50071 - Multiple SQL Injection | WebApps | Multiple
dawa-pharma 1.0-2022 - Multiple-SQLi | WebApps | Multiple
Easywall 0.3.1 - Authenticated Remote Command Execution | WebApps | Multiple
FlatNuke 2.5.x - 'index.php' Multiple Remote File Inclusions | WebApps | Multiple
GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities | WebApps | Multiple
Human Resource Management System v1.0 - Multiple SQLi | WebApps | Multiple
iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS) | WebApps | Multiple
Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS | WebApps | Multiple
Ivanti vADC 9.9 - Authentication Bypass | WebApps | Multiple
Kemp Load Master 7.1.16 - Multiple Vulnerabilities | WebApps | Multiple
Magento ver. 2.4.6 - XSLT Server Side Injection | WebApps | Multiple
Nagios XI Version 2024R1.01 - SQL Injection | WebApps | Multiple
OSGi v3.7.2 (and below) Console - RCE | WebApps | Multiple
OSGi v3.8-3.18 Console - RCE | WebApps | Multiple
PHP Shopping Cart 4.2 - Multiple-SQLi | WebApps | Multiple
SISQUALWFM 7.1.319.103 - Host Header Injection | WebApps | Multiple
Sitefinity 15.0 - Cross-Site Scripting (XSS) | WebApps | Multiple
SnipeIT 6.2.1 - Stored Cross Site Scripting | WebApps | Multiple
SolarWinds Platform 2024.1 SR1 - Race Condition | WebApps | Multiple
Splunk 9.0.4 - Information Disclosure | WebApps | Multiple
SuperStoreFinder - Multiple Vulnerabilities | WebApps | Multiple
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration | WebApps | Multiple
symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities | WebApps | Multiple
TP-LINK TL-WR740N - Multiple HTML Injection | WebApps | Multiple
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS | WebApps | Multiple
Wondercms 4.3.2 - XSS to RCE | WebApps | Multiple
Calibre-web 0.6.21 - Stored XSS | WebApps | Multiple
xbtitFM 4.1.18 - Multiple Vulnerabilities | WebApps | Multiple
openSIS 9.1 - SQLi (Authenticated) | WebApps | PHP
Helpdeskz v2.0.2 - Stored XSS | WebApps | PHP
101 News 1.0 - Multiple-SQLi | WebApps | PHP
Academy LMS 6.2 - SQL Injection | WebApps | PHP
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated) | WebApps | PHP
AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability. | WebApps | PHP
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS) | WebApps | PHP
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE) | WebApps | PHP
Akaunting 3.1.8 - Server-Side Template Injection (SSTI) | WebApps | PHP
Akaunting < 3.1.3 - RCE | WebApps | PHP
Apache mod_proxy_cluster - Stored XSS | WebApps | PHP
appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP
Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS) | WebApps | PHP
Automatic-Systems SOC FL9600 FastLine - Directory Transversal | WebApps | PHP
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin | WebApps | PHP
Axigen < 10.5.7 - Persistent Cross-Site Scripting | WebApps | PHP
Azon Dominator Affiliate Marketing Script - SQL Injection | WebApps | PHP
Backdrop CMS 1.23.0 - Stored XSS | WebApps | PHP
Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE) | WebApps | PHP
Bank Locker Management System - SQL Injection | WebApps | PHP
Best Student Result Management System v1.0 - Multiple SQLi | WebApps | PHP
Blood Bank 1.0 - 'bid' SQLi | WebApps | PHP
Blood Bank v1.0 - Multiple SQL Injection | WebApps | PHP
Blood Bank v1.0 - Stored Cross Site Scripting (XSS) | WebApps | PHP
Boelter Blue System Management 1.3 - SQL Injection | WebApps | PHP
Boss Mini 1.4.0 - local file inclusion | WebApps | PHP
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection | WebApps | PHP
Carbon Forum 5.9.0 - Stored XSS | WebApps | PHP
CE Phoenix v1.0.8.20 - Remote Code Execution | WebApps | PHP
CE Phoenix Version 1.0.8.20 - Stored XSS | WebApps | PHP
Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS) | WebApps | PHP
Client Details System 1.0 - SQL Injection | WebApps | PHP
Clinic Queuing System 1.0 - RCE | WebApps | PHP
Clinic's Patient Management System 1.0 - Unauthenticated RCE | WebApps | PHP
CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset | WebApps | PHP
Computer Laboratory Management System v1.0 - Multiple-SQLi | WebApps | PHP
Craft CMS 4.4.14 - Unauthenticated Remote Code Execution | WebApps | PHP
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution | WebApps | PHP
CSZCMS v1.3.0 - SQL Injection (Authenticated) | WebApps | PHP
Curfew e-Pass Management System 1.0 - FromDate SQL Injection | WebApps | PHP
Customer Support System 1.0 - Stored XSS | WebApps | PHP
CVE-2023-50071 - Multiple SQL Injection | WebApps | PHP
Daily Expense Manager 1.0 - 'term' SQLi | WebApps | PHP
Daily Habit Tracker 1.0 - Broken Access Control | WebApps | PHP
Daily Habit Tracker 1.0 - SQL Injection | WebApps | PHP
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS) | WebApps | PHP
DataCube3 v1.0 - Unrestricted file upload 'RCE' | WebApps | PHP
dawa-pharma 1.0-2022 - Multiple-SQLi | WebApps | PHP
Discloser 0.0.4-rc2 - 'index.php?more' SQL Injection | WebApps | PHP
Dotclear 2.29 - Remote Code Execution (RCE) | WebApps | PHP
E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS) | WebApps | PHP
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure | WebApps | PHP
Elementor Website Builder < 3.12.2 - Admin+ SQLi | WebApps | PHP
elFinder Web file manager Version - 2.1.53 Remote Command Execution | WebApps | PHP
ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP
Employee Management System 1.0 - 'admin_id' SQLi | WebApps | PHP
Hospital Management System v1.0 - Stored Cross Site Scripting (XSS) | WebApps | PHP
htmlLawed 1.2.5 - Remote Code Execution (RCE) | WebApps | PHP
HTMLy Version v2.9.6 - Stored XSS | WebApps | PHP
Human Resource Management System 1.0 - 'employeeid' SQL Injection | WebApps | PHP
Human Resource Management System v1.0 - Multiple SQLi | WebApps | PHP
iMLog < 1.307 - Persistent Cross Site Scripting (XSS) | WebApps | PHP
Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS | WebApps | PHP
JFrog Artifactory < 7.25.4 - Blind SQL Injection | WebApps | PHP
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC) | WebApps | PHP
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition | WebApps | PHP
Laravel Framework 11 - Credential Leakage | WebApps | PHP
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS) | WebApps | PHP
LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated) | WebApps | PHP
LimeSurvey Community 5.3.32 - Stored XSS | WebApps | PHP
liveSite Version 2019.1 - Remote Code Execution | WebApps | PHP
Lost and Found Information System v1.0 - (IDOR) leads to Account Takeover | WebApps | PHP
Lot Reservation Management System - Unauthenticated File Disclosure | WebApps | PHP
Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution | WebApps | PHP
Mambo Component pc_cookbook 0.3 - Remote File Inclusion | WebApps | PHP
Microweber 2.0.15 - Stored XSS | WebApps | PHP
MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure | WebApps | PHP
MISP 2.4.171 - Stored XSS | WebApps | PHP
MobileShop master v1.0 - SQL Injection Vuln. | WebApps | PHP
Monstra CMS 3.0.4 - Remote Code Execution (RCE) | WebApps | PHP
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - _sort_ parameter | WebApps | PHP
Moodle 4.3 - Insecure Direct Object Reference | WebApps | PHP
Neontext WordPress Plugin - Stored XSS | WebApps | PHP
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass | WebApps | PHP
Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated) | WebApps | PHP
Online Nurse Hiring System 1.0 - Time-Based SQL Injection | WebApps | PHP
Online Shopping System Advanced - Sql Injection | WebApps | PHP
Open Source Medicine Ordering System v1.0 - SQLi | WebApps | PHP
OpenCart Core 4.0.2.3 - 'search' SQLi | WebApps | PHP
OpenClinic GA 5.247.01 - Information Disclosure | WebApps | PHP
OpenClinic GA 5.247.01 - Path Traversal (Authenticated) | WebApps | PHP
Petrol Pump Management Software v1.0 - Remote Code Execution (RCE) | WebApps | PHP
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows) | WebApps | PHP
PHP Shopping Cart 4.2 - Multiple-SQLi | WebApps | PHP
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit | WebApps | PHP
PopojiCMS 2.0.1 - Remote Command Execution (RCE) | WebApps | PHP
PopojiCMS Version 2.0.1 - Remote Command Execution | WebApps | PHP
Poultry Farm Management System v1.0 - Remote Code Execution (RCE) | WebApps | PHP
Prison Management System - SQL Injection Authentication Bypass | WebApps | PHP
Purei CMS 1.0 - SQL Injection | WebApps | PHP
PyroCMS v3.0.1 - Stored XSS | WebApps | PHP
Quick.CMS 6.7 - SQL Injection Login Bypass | WebApps | PHP
Rail Pass Management System 1.0 - Time-Based SQL Injection | WebApps | PHP
Red Mombin 0.7 - 'index.php' Cross-Site Scripting | WebApps | PHP
Red Mombin 0.7 - 'process_login.php' Cross-Site Scripting | WebApps | PHP
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS) | WebApps | PHP
Savsoft Quiz v6.0 Enterprise - Stored XSS | WebApps | PHP
Serendipity 2.5.0 - Remote Code Execution (RCE) | WebApps | PHP
Service Provider Management System v1.0 - SQL Injection | WebApps | PHP
Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal | WebApps | PHP
Simple Task List 1.0 - 'status' SQLi | WebApps | PHP
Smart School 6.4.1 - SQL Injection | WebApps | PHP
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated) | WebApps | PHP
SPA-CART CMS - Stored XSS | WebApps | PHP
Stock Management System v1.0 - Unauthenticated SQL Injection | WebApps | PHP
SuperStoreFinder - Multiple Vulnerabilities | WebApps | PHP
taskhub 2.8.7 - SQL Injection | WebApps | PHP
Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi | WebApps | PHP
Tourism Management System v2.0 - Arbitrary File Upload | WebApps | PHP
TYPO3 11.5.24 - Path Traversal (Authenticated) | WebApps | PHP
UPS Network Management Card 4 - Path Traversal | WebApps | PHP
V-Webmail 1.6.4 - '/includes/pear/Mail/RFC822.php?CONFIG[pear_dir]' Remote File Inclusion | WebApps | PHP
Wallos < 1.11.2 - File Upload RCE | WebApps | PHP
WBCE 1.6.0 - Unauthenticated SQL injection | WebApps | PHP
WBCE CMS v1.6.2 - Remote Code Execution (RCE) | WebApps | PHP
WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated) | WebApps | PHP
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS) | WebApps | PHP
WEBIGniter v28.7.23 - Stored XSS | WebApps | PHP
Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated) | WebApps | PHP
WordPress Augmented-Reality - Remote Code Execution Unauthenticated | WebApps | PHP
WordPress File Upload Plugin < 4.23.3 - Stored XSS | WebApps | PHP
WordPress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated) | WebApps | PHP
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS) | WebApps | PHP
WordPress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS) | WebApps | PHP
WordPress Plugin Background Image Cropper v1.2 - Remote Code Execution | WebApps | PHP
WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE) | WebApps | PHP
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover | WebApps | PHP
WordPress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS) | WebApps | PHP
WordPress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS) | WebApps | PHP
WordPress Seotheme - Remote Code Execution Unauthenticated | WebApps | PHP
WordPress Theme Travelscape v1.0.3 - Arbitrary File Upload | WebApps | PHP
WordPress Theme XStore 9.3.8 - SQLi | WebApps | PHP
Workout Journal App 1.0 - Stored XSS | WebApps | PHP
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection | WebApps | PHP
WP Rocket < 2.10.3 - Local File Inclusion (LFI) | WebApps | PHP
WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated) | WebApps | PHP
xbtitFM 4.1.18 - Multiple Vulnerabilities | WebApps | PHP
Xhibiter NFT Marketplace 1.10.2 - SQL Injection | WebApps | PHP
XMB 1.9.12.06 - Stored XSS | WebApps | PHP
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting | WebApps | PHP
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE | WebApps | PHP
Zoo Management System 1.0 - Unauthenticated RCE | WebApps | PHP
AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability. | WebApps | Go
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS) | WebApps | Go
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE) | WebApps | Go
Casdoor < v1.331.0 - '/api/set-password' CSRF | WebApps | Go
djangorestframework-simplejwt 5.3.1 - Information Disclosure | WebApps | Go
GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities | WebApps | Go
Ladder v0.0.21 - Server-side request forgery (SSRF) | WebApps | Go
Nokia BMC Log Scanner - Remote Code Execution | WebApps | Go
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS | WebApps | Go
dizqueTV 1.5.3 - Remote Code Execution (RCE) | WebApps | JSP
BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE | WebApps | JSP
ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload | WebApps | JSP
Sitecore - Remote Code Execution v8.2 | WebApps | ASPX
Numbas < v7.3 - Remote Code Execution | WebApps | NodeJS
Invesalius3 - Remote Code Execution | WebApps | Python
Devika v1 - Path Traversal via 'snapshot_path' | WebApps | Python
djangorestframework-simplejwt 5.3.1 - Information Disclosure | WebApps | Python
Ray OS v2.6.3 - Command Injection RCE(Unauthorized) | WebApps | Python
Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal | WebApps | Python
Aurba 501 - Authenticated RCE | WebApps | Linux
Metabase 0.46.6 - Pre-Auth Remote Code Execution | WebApps | Linux
Nokia BMC Log Scanner - Remote Code Execution | WebApps | Linux
symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities | WebApps | Linux
HughesNet HT2000W Satellite Modem - Password Reset | WebApps | Hardware
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure | WebApps | Hardware
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass | WebApps | Hardware
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config | WebApps | Hardware
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass | WebApps | Hardware
Aquatronica Control System 5.1.6 - Information Disclosure | WebApps | Hardware
Check Point Security Gateway - Information Disclosure (Unauthenticated) | WebApps | Hardware
Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE | WebApps | Hardware
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass | WebApps | Hardware
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass | WebApps | Hardware
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure | WebApps | Hardware
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass | WebApps | Hardware
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure | WebApps | Hardware
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure | WebApps | Hardware
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass | WebApps | Hardware
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure | WebApps | Hardware
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution | WebApps | Hardware
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal | WebApps | Hardware
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) | WebApps | Hardware
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) | WebApps | Hardware
GLiNet - Router Authentication Bypass | WebApps | Hardware
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR | WebApps | Hardware
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS | WebApps | Hardware
TP-Link TL-WR740N - Buffer Overflow 'DOS' | WebApps | Hardware
TP-LINK TL-WR740N - Multiple HTML Injection | WebApps | Hardware
TP-Link TL-WR740N - UnAuthenticated Directory Transversal | WebApps | Hardware
Apache OFBiz 18.12.12 - Directory Traversal | WebApps | Java
Jenkins 2.441 - Local File Inclusion | WebApps | Java
Karaf v4.4.3 Console - RCE | WebApps | Java
Flowise 1.6.5 - Authentication Bypass | WebApps | TypeScript
Windows TCP/IP - RCE Checker and Denial of Service | DoS | Windows
XAMPP - Buffer Overflow POC | DoS | Windows
Elasticsearch - StackOverflow DoS | DoS | Multiple
LibTiff 3.x - Multiple Denial of Service Vulnerabilities | DoS | Multiple
OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service | DoS | Multiple
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' | DoS | Multiple
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS | DoS | Hardware
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service | DoS | Hardware
TP-Link TL-WR740N - Buffer Overflow 'DOS' | DoS | Hardware
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service | DoS | Hardware
7 Sticky Notes v1.9 - OS Command Injection | Local | Windows
AnyDesk 7.0.15 - Unquoted Service Path | Local | Windows
ASUS Control Center Express 01.06.15 - Unquoted Service Path | Local | Windows
Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation | Local | Windows
ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path | Local | Windows
Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path | Local | Windows
KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow | Local | Windows
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow | Local | Windows
KiTTY 0.76.1.13 - Command Injection | Local | Windows
LaborOfficeFree 19.10 - MySQL Root Password Calculator | Local | Windows
Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation | Local | Windows
Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G | Local | Windows
Microsoft Windows Defender - VBScript Detection Bypass | Local | Windows
Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass | Local | Windows
Microsoft Windows Defender Bypass - Detection Mitigation Bypass | Local | Windows
MuPDF < 20091125231942 - 'pdf_shade4.c' Multiple Stack Buffer Overflows | Local | Windows
Oracle Database 12c Release 1 - Unquoted Service Path | Local | Windows
Plantronics Hub 3.25.1 - Arbitrary File Read | Local | Windows
Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path | Local | Windows
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path | Local | Windows
Terratec dmx_6fire USB - Unquoted Service Path | Local | Windows
Typora v1.7.4 - OS Command Injection | Local | Windows
Windows PowerShell - Event Log Bypass Single Quote Code Execution | Local | Windows
Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow | Local | Windows
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation | Local | Windows
(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes] | Local | Linux
Dell Security Management Server <1.9.0 - Local Privilege Escalation | Local | Linux
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc | Local | Multiple
MuPDF < 20091125231942 - 'pdf_shade4.c' Multiple Stack Buffer Overflows | Local | Multiple
PrusaSlicer 2.6.1 - Arbitrary code execution | Local | Multiple
vm2 - sandbox escape | Local | Multiple
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation | Remote | Linux_x86-64
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE) | Remote | Go
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation | Remote | Go
Nokia BMC Log Scanner - Remote Code Execution | Remote | Go
DS Wireless Communication - Remote Code Execution | Remote | Hardware
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution | Remote | Hardware
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal | Remote | Hardware
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS | Remote | Hardware
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) | Remote | Hardware
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) | Remote | Hardware
GL-iNet MT6000 4.5.5 - Arbitrary File Download | Remote | Hardware
GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit | Remote | Hardware
GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit | Remote | Hardware
GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit | Remote | Hardware
HNAS SMU 14.8.7825 - Information Disclosure | Remote | Hardware
Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE) | Remote | Hardware
Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) | Remote | Hardware
Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption | Remote | Hardware
Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass | Remote | Hardware
R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure | Remote | Hardware
Ricoh Printer - Directory and File Exposure | Remote | Hardware
Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE) | Remote | Hardware
Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure | Remote | Hardware
SolarView Compact 6.00 - Command Injection | Remote | Hardware
TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure | Remote | Hardware
TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password | Remote | Hardware
TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection | Remote | Hardware
TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution | Remote | Hardware
TEM Opera Plus FM Family Transmitter 35.45 - XSRF | Remote | Hardware
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution | Remote | Hardware
TPC-110W - Missing Authentication for Critical Function | Remote | Hardware
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE) | Remote | Hardware
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service | Remote | Hardware
Zyxel zysh - Format string | Remote | Hardware
GitLab CE/EE < 16.7.2 - Password Reset | Remote | Java
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE) | Remote | Java
