Explore Vulnerabilities

Cross-Site Scripting (XSS)
Explore all Exploits:

Sitefinity 15.0 – Cross-Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.

Stored Cross-Site Scripting (XSS) in WordPress Plugin WP Video Playlist 1.1.1

The WordPress plugin WP Video Playlist 1.1.1 is vulnerable to a stored cross-site scripting (XSS) attack. An attacker can inject malicious scripts into the 'videoFields[post_type]' input field, leading to the execution of arbitrary code in the context of the user's browser. This can result in cookie theft, session hijacking, or other malicious activities.

WEBIGniter v28.7.23 XSS

The 'your_name' parameter in WEBIGniter v28.7.23 lacks proper input validation, leading to a vulnerability where an attacker can execute malicious JavaScript code by injecting it into the parameter. This can result in reflected cross-site scripting (XSS) attacks, potentially compromising user data and system integrity.

Petrol Pump Management Software v1.0 – ‘Address’ Stored Cross Site Scripting

A Cross Site Scripting (XSS) vulnerability in Petrol Pump Management Software v1.0 allows attackers to execute malicious code by inserting a specially crafted payload into the 'Address' parameter in the add_invoices.php component.

Stored Cross-Site Scripting in Solar-Log 200 3.6.0 Web Panel

The Solar-Log 200 PM+ 3.6.0 Build 99 web panel is vulnerable to stored cross-site scripting (XSS) due to improper input validation. By inserting malicious code into the 'name' field under the Smart Energy configuration, an attacker can execute arbitrary scripts in the context of an authenticated user's session, potentially leading to cookie theft.

Cross Site Scripting (Stored) in GYM Management System

The GYM Management System version 1.0 is vulnerable to stored cross-site scripting (XSS) due to insufficient validation of user-supplied data in the 'lname' field of the profile.php page. An attacker can inject a malicious payload, such as x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22, which will be executed whenever a user accesses the profile.php page, leading to the execution of arbitrary scripts in the context of the user's browser. This vulnerability has been detected by Alperen Yozgat.

Petrol Pump Management Software v.1.0 – Stored Cross Site Scripting via SVG file

An attacker can exploit a Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 by injecting malicious code through a crafted payload into the image parameter in the profile.php component. By uploading a specially crafted xss.svg file, the attacker can execute arbitrary code. The content of the xss.svg file includes a script that triggers an alert message.

Petrol Pump Management Software v.1.0 – Stored Cross Site Scripting via SVG file

A Cross Site Scripting vulnerability was found in Petrol Pump Management Software v.1.0. This vulnerability allows an attacker to execute malicious code by uploading a specially crafted SVG file to the 'image' parameter in the profile.php component. By exploiting this vulnerability, an attacker can conduct various attacks such as stealing sensitive data, session hijacking, or defacing the website.

bxcp 0.299 exploit

The bxcp 0.299 exploit is a PHP script that exploits a vulnerability in the bxcp software version 0.299. It allows an attacker to execute arbitrary code on the target system by injecting malicious code through a specially crafted HTTP GET request. The exploit takes advantage of a SQL injection vulnerability in the 'show' parameter of the 'index.php' file, allowing the attacker to retrieve sensitive information such as user passwords.
