Exploit Database

Number of exploits: 49873



ID Exploit name Type Platform Author Date
50142 CASAP Automated Enrollment System 1.0 - Authentication Bypass webapps PHP Himanshu Shukla 2021-01-22
50143 ERPNext 12.14.0 - SQL Injection (Authenticated) webapps Multiple Hodorsec 2021-01-22
50144 Atlassian Confluence Widget Connector Macro - SSTI webapps Multiple 46o60 2021-01-22
50145 Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes) shellcode Windows_x86 Armando Huesca Prida 2021-01-22
50126 Online Documents Sharing Platform 1.0 - 'user' SQL Injection webapps PHP CANKAT ÇAKMAK 2021-01-21
50127 Apartment Visitors Management System 1.0 - 'email' SQL Injection webapps PHP CANKAT ÇAKMAK 2021-01-21
50128 Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting webapps PHP Matthew Aberegg 2021-01-21
50129 Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit) webapps PHP SunCSR Team 2021-01-21
50130 Anchor CMS 0.12.7 - CSRF (Delete user) webapps Multiple Ninad Mishra 2021-01-21
50122 ChurchRota 2.6.4 - RCE (Authenticated) webapps Multiple Rob McCarthy 2021-01-20
50123 Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS webapps Multiple omurugur 2021-01-20
50124 Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution) webapps PHP Richard Jones 2021-01-20
50125 Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes) shellcode Linux_x86 Felipe Winsnes 2021-01-20
50120 osTicket 1.14.2 - SSRF webapps PHP Talat Mehmood 2021-01-19
50121 Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes) shellcode Linux Guillem Alminyana 2021-01-19
50115 Cisco UCS Manager 2.2(1d) - Remote Command Execution webapps Hardware liquidsky 2021-01-18
50116 Xwiki CMS 12.10.2 - Cross Site Scripting (XSS) webapps Multiple Karan Keswani 2021-01-18
50117 Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated) webapps Hardware Henrik Pedersen 2021-01-18
50118 Life Insurance Management System 1.0 - 'client_id' SQL Injection webapps PHP Aitor Herrero 2021-01-18
50119 Life Insurance Management System 1.0 - File Upload RCE (Authenticated) webapps PHP Aitor Herrero 2021-01-18
50105 PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) webapps PHP Mohamed Oosman 2021-01-15
50106 WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS) webapps PHP Rahul Ramakant Singh 2021-01-15
50107 Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting webapps PHP Mesut Cetin 2021-01-15
50108 Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection webapps PHP Mesut Cetin 2021-01-15
50109 Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF) webapps PHP Mesut Cetin 2021-01-15
50110 Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection webapps PHP Mesut Cetin 2021-01-15
50111 EyesOfNetwork 5.3 - File Upload Remote Code Execution webapps Multiple Audencia Business SCHOOL Red Tea 2021-01-15
50112 Alumni Management System 1.0 - "Last Name field in Registration page" Stored XSS webapps PHP Siva Rajendran 2021-01-15
50113 E-Learning System 1.0 - Authentication Bypass & RCE POC webapps PHP Himanshu Shukla 2021-01-15
50114 Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit) webapps Multiple AkkuS 2021-01-15
50100 Online Movie Streaming 1.0 - Admin Authentication Bypass webapps PHP Richard Jones 2021-01-14
50101 Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated) webapps PHP Haboob Team 2021-01-14
50102 Online Shopping Cart System 1.0 - 'id' SQL Injection webapps PHP Aydın Baran Ertemir 2021-01-14
50103 Laravel 8.4.2 debug mode - Remote code execution webapps PHP SunCSR Team 2021-01-14
50104 Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC) webapps Hardware Shizhi He 2021-01-14
50096 Practical Insight Into Injections - Paper papers Multiple Hanut Kumar Arora 2021-01-13
50097 Erlang Cookie - Remote Code Execution remote Multiple 1F98D 2021-01-13
50098 Deep Insight into Social Engineering - Paper papers Multiple Rushil Saxena 2021-01-13
50099 Online Hotel Reservation System 1.0 - Admin Authentication Bypass webapps PHP Richard Jones 2021-01-13
50090 A hands-on approach to Linux Privilege Escalation - Paper papers Linux Tanishq Sharma 2021-01-12
50091 Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated) webapps PHP Enesdex 2021-01-12
50092 Cemetry Mapping and Information System 1.0 - Multiple SQL Injections webapps PHP Mesut Cetin 2021-01-12
50093 Ethical Hacking and Penetration Testing Guide - Paper (Turkish) papers Multiple Furkan Enes Polatoğlu 2021-01-12
50094 SmartAgent 3.1.0 - Privilege Escalation webapps Multiple Orion Hridoy 2021-01-12
50095 Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes) shellcode Linux ac3 2021-01-12
50081 EyesOfNetwork 5.3 - RCE & PrivEsc webapps Multiple Audencia Business SCHOOL Red Tea 2021-01-11
50082 Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting webapps Multiple Ramazan Mert GÖKTEN 2021-01-11
50083 EyesOfNetwork 5.3 - LFI webapps Multiple Audencia Business SCHOOL Red Tea 2021-01-11
50084 Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting webapps PHP Mesut Cetin 2021-01-11
50085 WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS) webapps PHP Swapnil Subhash Bodekar 2021-01-11
50086 OpenCart 3.0.36 - ATO via Cross Site Request Forgery webapps PHP Mahendra Purbia 2021-01-11
50087 Wireshark for Noobs - Paper papers Multiple Anmol K Sachan 2021-01-11
50088 PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval local Windows rootabeta 2021-01-11
50089 Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection webapps PHP Jaimin Gondaliya 2021-01-11
50074 Life Insurance Management System 1.0 - Multiple Stored XSS webapps PHP Arnav Tripathy 2021-01-08
50075 Online Doctor Appointment System 1.0 - Multiple Stored XSS webapps PHP Mohamed habib Smidi 2021-01-08
50076 Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated) webapps Multiple Metin Yunus Kandemir 2021-01-08
50077 Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit) webapps Java SunCSR Team 2021-01-08
50078 WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit) webapps PHP SunCSR Team 2021-01-08
50079 Practical PHP Security - Paper papers PHP Andrey Stoykov 2021-01-08
50080 Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit) webapps PHP SunCSR Team 2021-01-08
50065 iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information) webapps Hardware h4cks1n 2021-01-07
50067 ECSIMAGING PACS 6.21.5 - Remote code execution webapps PHP shoxxdj 2021-01-07
50068 Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution webapps PHP Saeed Bala Ahmed 2021-01-07
50069 Cockpit CMS 0.6.1 - Remote Code Execution webapps PHP Rafael Resende 2021-01-07
50070 Curfew e-Pass Management System 1.0 - Stored XSS webapps PHP Arnav Tripathy 2021-01-07
50071 ECSIMAGING PACS 6.21.5 - SQL injection webapps PHP shoxxdj 2021-01-07
50072 CRUD Operation 1.0 - Multiple Stored XSS webapps PHP Arnav Tripathy 2021-01-07
50047 Understanding and Exploiting Zerologon - Paper papers Windows Siddharth Balyan 2021-01-06
50048 Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF) webapps PHP Rahul Ramakant Singh 2021-01-06
50049 dirsearch 0.4.1 - CSV Injection local Python Dolev Farhi 2021-01-06
50050 IObit Uninstaller 10 Pro - Unquoted Service Path local Windows Mayur Parmar 2021-01-06
50051 IPeakCMS 3.5 - Boolean-based blind SQLi webapps Multiple MoeAlBarbari 2021-01-06
50052 Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting webapps PHP Shivam Verma 2021-01-06
50053 WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting webapps PHP Nhat Ha 2021-01-06
50054 Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE webapps PHP Kshitiz Raj 2021-01-06
50055 Responsive E-Learning System 1.0 - Stored Cross Site Scripting webapps PHP Kshitiz Raj 2021-01-06
50056 WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting webapps PHP Mehmet Kelepçe 2021-01-06
50057 Newgen Correspondence Management System (corms) eGov 12.0 - IDOR webapps Multiple ALI AL SINAN 2021-01-06
50058 WinAVR Version 20100110 - Insecure Folder Permissions local Windows Mohammed Alshehri 2021-01-06
50059 Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated) webapps PHP Arnav Tripathy 2021-01-06
50060 Resumes Management and Job Application Website 1.0 - Multiple Stored XSS webapps PHP Arnav Tripathy 2021-01-06
50061 PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation local Windows 1F98D 2021-01-06
50062 Gitea 1.7.5 - Remote Code Execution webapps Multiple 1F98D 2021-01-06
50063 H2 Database 1.4.199 - JNI Code Execution local Java 1F98D 2021-01-06
50064 Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated) webapps Java 1F98D 2021-01-06
50029 Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path local Windows Geovanni Ruiz 2021-01-05
50030 IncomCMS 2.0 - Insecure File Upload webapps Multiple MoeAlBarbari 2021-01-05
50031 House Rental and Property Listing 1.0 - Multiple Stored XSS webapps PHP Mohamed habib Smidi 2021-01-05
50032 Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection) webapps PHP Kshitiz Raj 2021-01-05
50033 WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS webapps PHP Park Won Seok 2021-01-05
50034 WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS webapps PHP Park Won Seok 2021-01-05
50035 Online Movie Streaming 1.0 - Authentication Bypass webapps PHP Kshitiz Raj 2021-01-05
50036 Responsive E-Learning System 1.0 - 'id' Sql Injection webapps PHP Kshitiz Raj 2021-01-05
50037 Baby Care System 1.0 - 'Post title' Stored XSS webapps PHP Hardik Solanki 2021-01-05
50038 Responsive FileManager 9.13.4 - 'path' Path Traversal webapps PHP Sun* Cyber Security Research Tea 2021-01-05
50039 Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated) webapps Linux Jeremy Brown 2021-01-05
50040 HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities webapps Multiple Jeremy Brown 2021-01-05
50041 Cassandra Web 0.5.0 - Remote File Read webapps Linux Jeremy Brown 2021-01-05
50042 Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission local Windows Adrian Bondocea 2021-01-05
