header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Directory Traversal
No results found
SQL Injection (6841)
Buffer Overflow (3830)
Cross-Site Scripting (2498)
Denial of Service (1853)
Remote Code Execution (1494)
Cross-Site Scripting (XSS) (852)
Directory Traversal (841)
Remote File Include (787)
Remote File Inclusion (723)
Privilege Escalation (675)
Authentication Bypass (671)
Local File Inclusion (606)
Information Disclosure (483)
Remote Command Execution (459)
Arbitrary File Upload (427)
Blind SQL Injection (425)
HTML Injection (398)
Cross-Site Request Forgery (384)
Command Injection (349)
Cross-Site Request Forgery (CSRF) (331)
Stack Buffer Overflow (320)
Stack Overflow (304)
Remote SQL Injection (288)
Unquoted Service Path (264)
Memory Corruption (254)
Denial of Service (DoS) (246)
Stored XSS (246)
Local Privilege Escalation (245)
Local File Include (241)
Remote Denial of Service (229)
Use-After-Free (211)
Heap-overflow (201)
Stored Cross-Site Scripting (XSS) (197)
Persistent Cross Site Scripting (187)
Remote Code Execution (RCE) (176)
XSS (169)
Stack-Based Buffer Overflow (165)
Remote Buffer Overflow (146)
Format String Vulnerability (145)
CSRF (142)
Path Traversal (136)
Integer Overflow (135)
Arbitrary Code Execution (134)
Code Execution (134)
Remote File Disclosure (127)
Input Validation (125)
SQL Injection and Cross Site Scripting (123)
Stored Cross Site Scripting (117)
Command Execution (115)
Insecure Cookie Handling (113)
CWE
No results found
22 (800)
79 (38)
89 (15)
200 (12)
352 (12)
78 (10)
Unknown (10)
20 (9)
22 (Path Traversal) (9)
98 (8)
264 (7)
434 (6)
N/A (6)
119 (5)
287 (5)
400 (5)
522 (4)
79 (Cross-site Scripting) (4)
94 (3)
22 (Improper Limitation of a Pathname to a Restricted Directory) (2)
564 (2)
601 (2)
80 (2)
120 (1)
134 (1)
20 (Improper Input Validation) (1)
200 (Information Exposure) (1)
2001 (1)
23 (1)
285 (1)
36 (1)
399 (Resource Exhaustion) (1)
476 (1)
5 (1)
614 (Cookie Manipulation) (1)
7.5 (1)
787 (1)
CVE-2009-3693 (1)
CPE
No results found
N/A (260)
Unknown (11)
a:apple:iphone_os (2)
a:atlassian:confluence:6.15.1 (2)
a:automatic-systems:soc_fl9600_fastline:V06 (2)
a:bludit:bludit (2)
a:cakephp:cakephp (2)
a:checkview:checkview (2)
a:extropia:bbs_forum:1.0 (2)
a:farmers_wife:farmers_wife_server:4.4_sp1 (2)
a:ibm:lotus_domino_server (2)
a:microsoft:iis:4.0 (2)
a:microsoft:iis:5.0 (2)
a:wordpress:wordpress (2)
a:zenloadbalancer:zen_load_balancer (2)
h:tp-link:tl-wr740n_firmware:3.12.11 (2)
Not mentioned (2)
o:apple:mac_os_x (2)
o:simplesoftware:simpleserver:1.06 (2)
//a:sambar_server (1)
2.3:a:99robots:wp_background_takeover:4.1.4 (1)
2.3:a:ruby:ruby (1)
3.0.0.3 (1)
35mm-slide-gallery (1)
4.6 (1)
602_lan_suite_2004 (1)
a:1024cms:1024cms:1.1.0 (1)
a:2x:thinclientserver (1)
a:3com:intelligent_management_center (1)
a:7-technologies:igss (1)
a:a10_networks:softax (1)
a:aapanel:aapanel:6.8.21 (1)
a:acrolinx:acrolinx_dashboard (1)
a:adobe:coldfusion (1)
a:adobe:coldfusion:8.0 (1)
a:advantech:studio:7.0 (1)
a:advantech:susiaccess (1)
a:advantech:susiaccess_server (1)
a:alienvault:ossim (1)
a:allaire:jrun (1)
a:alt-n_technologies:worldclient (1)
a:anaconda_foundation:anaconda_foundation_directory (1)
a:aol:aolserver (1)
a:apache:activemq:5.x (1)
a:apache:cocoon (1)
a:apache:flink (1)
a:apache:ofbiz (1)
a:apache:tomcat (1)
a:apache:tomcat:3.2 (1)
a:apache:tomcat:6.0.18 (1)
Vendor
No results found
N/A (78)
Microsoft (14)
Apple (11)
Apache (10)
IBM (9)
Joomla! (9)
Oracle (9)
WordPress (9)
Unknown (8)
HP (7)
Cisco (5)
CoreFTP (5)
ManageEngine (5)
Sun (4)
TP-Link (4)
Adobe (3)
Advantech (3)
Atlassian (3)
Bludit (3)
Distinct (3)
IPSwitch (3)
Mongoose (3)
Motorola (3)
Novell (3)
SAP (3)
Trend Micro (3)
TVT (3)
VMware (3)
@mail (2)
Acritum (2)
Allaire (2)
Alt-N Technologies (2)
ArgoSoft (2)
Automatic Systems (2)
Axigen (2)
Belden (2)
BlogEngine.NET (2)
BlueFinger Apps (2)
CakePHP (2)
Carel (2)
checkview (2)
Chyrp (2)
Citrix (2)
eWebeditor (2)
Extropia (2)
Farmers Wife (2)
FarsiNews (2)
Flatnux (2)
Frontier Design (2)
Genivia (2)
Product Name
No results found
N/A (7)
EditTag (4)
Coldfusion (3)
CoreFTP Server (3)
Home FTP Server (3)
HTTP Server (3)
Mail Server (3)
Tomcat (3)
1 (2)
602 Lan Suite 2004 (2)
aBitWhizzy (2)
ActiveMQ (2)
bbs_forum.cgi (2)
BlogEngine.NET (2)
Bludit (2)
CakePHP (2)
checkview (2)
Chyrp (2)
CMS (2)
Confluence (2)
DiskStation Manager (2)
eWebeditor (2)
Farmers Wife Server (2)
Flatnux (2)
Hosting Controller (2)
IIS (2)
IIS 5.0 (2)
Intelligent Management Center (2)
iPhone OS (2)
Joomla (2)
Lotus Domino Server (2)
mcNews (2)
Mongoose (2)
Neon WebMail (2)
Net Inspector (2)
NVMS-1000 (2)
Offline Explorer (2)
phpMyAdmin (2)
phpTrafficA (2)
Plesk (2)
Protection Server and Keys Server (2)
RaidenFTPD (2)
Sambar Server (2)
SD Server (2)
Secure Console Server SCS820/SCS1620 (2)
Serv-U FTP Server (2)
Shoutbox (2)
Simple web-server (2)
SimpleServer (2)
SOC FL9600 FastLine (2)
Version
From
No results found
N/A (153)
Unknown (37)
1 (26)
1.0 (8)
3.1 (8)
All versions (8)
1.2 (7)
2.1 (5)
1.1 (4)
2 (4)
0.0.7 (3)
1.0.0 (3)
1.4.2001 (3)
1.6 (3)
2.1.2000 (3)
2.7 (3)
2.8 (3)
3 (3)
4 (3)
5.5 (3)
7 (3)
not specified (3)
0.0.2 (2)
0.1.1 (2)
0.5.0 (2)
02.01 (2)
05.06 (2)
06.01 (2)
1.0.0.0 (2)
1.0.2 (2)
1.0.4 (2)
1.1.7.3633 (2)
1.2.1 (2)
1.3.0 (2)
1.3.2003 (2)
1.5 (2)
2.0.0 (2)
2.0.2 (2)
2.0.5 (2)
2.0.7 (2)
2.1.2002 (2)
2.5 (2)
3.0.12 (2)
3.1.4 (2)
3.3 (2)
3.4.0 (2)
3.6 (2)
4.1 (2)
4.11.2.G (2)
4.4 SP1 (2)
To
No results found
N/A (162)
Unknown (61)
1 (19)
All versions (7)
1.0 (6)
3.5-RC7 (6)
Other versions may also be affected. (5)
1.1 (4)
0.0.7 (3)
1.0.0 (3)
1.2 (3)
2 (3)
2.1 (3)
2.1.2000 (3)
2.8 (3)
3 (3)
not specified (3)
0.0.2 (2)
0.1.1 (2)
02.01 (2)
06.01 (2)
1.0.3 (2)
1.0.4 (2)
1.1.2001 (2)
1.1.7.3633 (2)
1.2.1 (2)
1.3 (2)
1.3.0 (2)
1.3.2002 (2)
1.3.2003 (2)
1.4.2001 (2)
1.5 (2)
1.6 (2)
2.0.0 (2)
2.0.2 (2)
2.0.5 (2)
2.0.7 (2)
2.1.2002 (2)
2.4 (2)
2.5 (2)
3.1.4 (2)
3.3 (2)
3.3.6 (2)
3.4.0 (2)
3.6 (2)
4.1 (2)
4.11.2.G (2)
4.3 (2)
4.4 SP1 (2)
5.5 (2)
Severity Type
No results found
HIGH (648)
MEDIUM (136)
N/A (33)
CRITICAL (16)
LOW (3)
Severity Number
No results found
7.5 (421)
5 (132)
7 (127)
5.5 (45)
N/A (39)
8.8 (36)
8 (35)
4.3 (30)
3 (13)
9.8 (13)
Exploit Author
No results found
SecurityFocus (315)
Unknown (61)
Luigi Auriemma (10)
R3d@l3rt (8)
James Fitts (7)
Khashayar Fereidani (7)
milw0rm.com (7)
Sunlight (7)
H@ckk3y (6)
Berk Dusunur (5)
Dr_IDE (5)
FL0RiX (5)
Kevin Randall (5)
numan türle (5)
sinn3r (5)
Sp@2K (5)
Anonymous (4)
AutoSec Tools (4)
Gjoko 'LiquidWorm' Krstic (4)
Jonathan Salwan (4)
juan vazquez (4)
modpr0be (4)
N/A (4)
Vulnerability Laboratory (4)
Dhiraj Mishra (3)
Hoa Nguyen - SunCSR Team (3)
John Page (aka hyp3rlinx) (3)
LiquidWorm (3)
MC (3)
Vulnerability Laboratory Research Team (3)
Wadeek (3)
Zero X (3)
Abdualhadi khalifa (2)
Alcyon (2)
AmnPardaz Security Research Team (2)
Anastasios Monachos (2)
Andrea Fabrizi (2)
Basim Alabdullah (2)
c0ntex (2)
Carlos Avila (2)
chr1x (2)
e.wiZz! (2)
Emre ÖVÜNÇ (2)
Georgi Guninski (2)
H!tm@N (2)
Hessam-x (2)
Ihsan Sencan (2)
Jay Turla (2)
John Leitch (2)
kim@story (2)
Platforms Tested
No results found
N/A (314)
Windows (113)
Linux (54)
None (53)
Unknown (33)
unix (17)
Mac (13)
iPhone (11)
iPod 3GS with 4.2.1 firmware (10)
Windows 7 (10)
Microsoft Windows (9)
Windows 10 (6)
Windows XP (6)
Windows XP SP3 (6)
iOS (5)
iPhone 4 (IOS 4.0.1) (5)
Windows 7 SP1 (4)
Linux Mint (3)
Not Specified (3)
Parrot OS (3)
PHP (3)
Windows 2003 SP2 (3)
Windows and Linux (3)
Windows XP SP3 EN (3)
WordPress (3)
Xampp on Windows7 (3)
1 (2)
Apache (2)
Apache-Coyote/1.1 (2)
CentOS (2)
iOS Mobile Web Application (2)
macOS (2)
Microsoft Windows Server 2003 r2 sp2 (2)
Solaris (2)
TP-Link TL-WR740N (2)
WIN32 (2)
WiN7_x64/KaLiLinuX_x64 (2)
Windows Server 2012 R2 (2)
Windows Vista + XAMPP (2)
Windows XP Service Pack 2 (2)
Windows XP Service Pack 3 - English (2)
3.3.6 (1)
3.3.7 (1)
a:microsoft:iis:4.0cpe:/a:microsoft:iis:5.0 (1)
Adobe ColdFusion 11 (1)
Adobe ColdFusion 2016 (1)
Adobe ColdFusion 2018 (1)
All (1)
all versions (1)
Android (1)
Year
Year
No results found
2002 (120)
2008 (56)
Unknown (52)
2005 (50)
2020 (46)
2010 (43)
2011 (42)
2012 (39)
2001 (37)
2013 (31)
2018 (31)
2019 (27)
2006 (26)
2009 (26)
2004 (24)
2014 (23)
2017 (22)
2015 (17)
2016 (11)
2003 (9)
2007 (9)
2023 (8)
2021 (7)
N/A (5)
2022 (4)
2000 (3)
1999 (2)
2024 (2)
HIGH (2)
Not mentioned (2)
1998 (1)
Feb 02 2013 (1)
MEDIUM (1)
Not available (1)
Not provided (1)
or execution of files. This vulnerability also affects Windows 98 hosts running Microsoft Personal Web Server. An aggressive worm may be in the wild that actively exploits this vulnerability." (1)

Explore all Exploits:

Show More

Apache OFBiz 18.12.12 – Directory Traversal

Apache OFBiz version 18.12.12 and below is vulnerable to directory traversal. An attacker can exploit this vulnerability by sending a crafted XML request to the '/webtools/control/xmlrpc' endpoint, allowing them to access files outside of the web root directory, such as sensitive system files like '/etc/passwd' or executing commands on the server.

6.1
CVSS
HIGH
Directory Traversal
22
CWE
Product Name
OFBiz
Platforms Tested
Windows
Affected Version
From:
18.12.12
To:
18.12.12
2024
Show More

Directory Traversal in Automatic-Systems SOC FL9600 FastLine

The Automatic-Systems SOC FL9600 FastLine V06 allows Directory Traversal via a specially crafted HTTP request. An attacker can exploit this vulnerability to read arbitrary files on the server, such as sensitive system files like 'passwd'. This vulnerability has been assigned CVE-2023-37607.

6.1
CVSS
HIGH
Directory Traversal
22
CWE
Product Name
SOC FL9600 FastLine
Platforms Tested
Affected Version
From:
V06
To:
V06
2023
Show More

TP-Link TL-WR740N Unauthenticated Directory Traversal

The exploit allows an attacker to access sensitive files like /etc/shadow on TP-Link TL-WR740N routers with firmware version 3.12.11 Build 110915 Rel.40896n. This can lead to unauthorized access and potential compromise of the device. This vulnerability has not been assigned a CVE yet.

6.1
CVSS
HIGH
Directory Traversal
22
CWE
Product Name
TL-WR740N
Platforms Tested
TP-Link TL-WR740N
Affected Version
From:
3.12.11 Build 110915 Rel.40896n
To:
3.12.11 Build 110915 Rel.40896n
2023
Show More

Directory Traversal in Automatic-Systems SOC FL9600 FastLine

The Automatic-Systems SOC FL9600 FastLine V06 allows an attacker to traverse directories by manipulating the 'dir' parameter in the 'csvServer.php' script, leading to unauthorized access to sensitive files such as '/etc/passwd'. This vulnerability has been assigned CVE-2023-37607.

6.1
CVSS
HIGH
Directory Traversal
22
CWE
Product Name
SOC FL9600 FastLine
Platforms Tested
Affected Version
From:
V06
To:
V06
2023
Show More

TP-Link TL-WR740N Unauthenticated Directory Traversal

The exploit allows an unauthenticated user to traverse directories and access sensitive system files like /etc/shadow on TP-Link TL-WR740N version 3.12.11 Build 110915 Rel.40896n. This vulnerability could lead to unauthorized access to critical system information.

6.1
CVSS
HIGH
Directory Traversal
22
CWE
Product Name
TL-WR740N
Platforms Tested
TP-Link TL-WR740N
Affected Version
From:
3.12.2011
To:
3.12.11
2023
Show More

Persits XUpload ActiveX MakeHttpRequest Directory Traversal

This module exploits a directory traversal in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing a string containing ".." sequences to the MakeHttpRequest method

an attacker is able to write arbitrary files to arbitrary locations on disk. Code execution occurs by writing to the All Users Startup Programs directory. You may want to combine this module with the use of multi/handler since a user would have to log for the payload to execute."
CVSS
7.5
Directory Traversal
CVE-2009-3693
CWE
Product Name
Persits Software Inc
Platforms Tested
XUpload ActiveX
Affected Version
From:
NO
To:
3.0.0.3
HIGH

Recent Exploits:

openSIS 9.1 – SQL Injection (Authenticated)

author
Devrim Dıragumandan (d0ub1edd)
vendor
OS4Ed
severity
6.1
HIGH

dizqueTV 1.5.3 – Remote Code Execution (RCE)

author
Ahmed Said Saud Al-Busaidi
vendor
Vexorian
severity
8.1
CRITICAL

reNgine 2.2.0 – Command Injection (Authenticated)

author
Caner Tercan
vendor
reNgine
severity
7.1
HIGH

Stored Cross-Site Scripting (XSS) in NoteMark

author
Alessio Romano (sfoffo)
vendor
Enchanted Code
severity
6.1
HIGH

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

author
Photubias
vendor
Microsoft
severity
6.1
HIGH

Invesalius 3.1 – Remote Code Execution (RCE)

author
Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
vendor
Invesalius
severity
6.1
HIGH

Stored XSS in Gitea

author
Catalin Iovita & Alexandru Postolache
vendor
Gitea
severity
6.1
HIGH

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

author
Gjoko 'LiquidWorm'
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR

cqrsecured