
Explore Vulnerabilities

Explore all Exploits:

dizqueTV 1.5.3 – Remote Code Execution (RCE)

dizqueTV version 1.5.3 is susceptible to a remote code execution vulnerability that allows attackers to execute unauthorized commands remotely. By manipulating the FFMPEG Executable Path in the settings to include a malicious command like "; cat /etc/passwd && echo 'poc'", an attacker can view the content of /etc/passwd.

reNgine 2.2.0 – Command Injection (Authenticated)

reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the YAML configuration, an authenticated user can inject arbitrary commands, leading to unauthorized remote code execution on the underlying system with the privileges of the application.

Backdrop CMS 1.27.1 – Authenticated Remote Command Execution (RCE)

Backdrop CMS version 1.27.1 is vulnerable to authenticated remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system, which could lead to unauthorized access, data theft, and further compromise of the system. This exploit was authored by Ahmet Ümit BAYRAM.

CMSimple 5.15 – Remote Command Execution

The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.

FreePBX 16 – Authenticated Remote Code Execution (RCE)

FreePBX versions 14, 15, and 16 are vulnerable to authenticated remote code execution (RCE). An attacker who exploits this vulnerability can execute arbitrary code and commands on the target system, potentially leading to a full compromise.

Palo Alto PAN-OS Command Injection and Arbitrary File Creation

Palo Alto PAN-OS versions prior to 11.1.2-h3 are vulnerable to command injection and arbitrary file creation. An attacker can exploit this vulnerability to execute arbitrary commands and create files on the target system. The vulnerability has been assigned CVE-2024-3400.

SofaWiki 3.9.2 – Remote Command Execution (RCE) (Authenticated)

The exploit allows an authenticated attacker to execute arbitrary commands on the target system. By uploading a PHP shell through the 'uploadedfile' parameter in the 'index.php' script, the attacker can run system commands via the 'cmd' parameter in the uploaded PHP shell.
