
Explore Vulnerabilities


Explore all Exploits:

Shuttle-Booking-Software v1.0 – Multiple-SQLi

The location_id parameter in Shuttle-Booking-Software v1.0 is vulnerable to SQL injection attacks. By submitting a single quote or two single quotes in the location_id parameter, an attacker can trigger a database error message or retrieve information from the database.

Online ID Generator 1.0 – Remote Code Execution (RCE)

The Online ID Generator 1.0 is vulnerable to remote code execution. It allows an attacker to bypass login using SQL injection and upload a malicious shell to execute arbitrary code on the server. By accessing the uploaded shell via a remote browser, the attacker can achieve remote code execution.

Cross-Site Request Forgery (CSRF) in TestLink: CVE-2012-2275

The application allows authorized users to perform certain actions via HTTP requests without making proper validity checks to verify the source of the requests. This can be exploited to add, delete or modify sensitive information, for example to change the administrator's email. To exploit this vulnerability, an attacker must get a logged-in administrator to open a malicious link in the browser.

Cross-Site Request Forgery (CSRF) in XCloner Standalone

The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and change the administrator's password or execute arbitrary system commands on the vulnerable system with the privileges of the webserver.

'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333)

A vulnerability exists in the 'Pointter PHP Micro-Blogging Social Network' authentication system which allows an attacker to gain administrative privileges by crafting two specific cookies with arbitrary values.

'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)

A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling portions of SQL code between the affected parameters, successful SQL injection into the software can occur. In testing, various 'UNION SELECT' SQL injections were possible.
