
Explore Vulnerabilities

Explore all Exploits:

WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution

The vulnerability in WordPress Plugin Background Image Cropper v1.2 allows remote attackers to execute arbitrary code on the target system. By uploading a malicious PHP file, an attacker can run commands on the server remotely. This vulnerability has a CVE ID pending assignment.

Nokia BMC Log Scanner Remote Code Execution

The BMC Log Scanner web application in Nokia's BMC is vulnerable to command injection attacks, which can be exploited for unauthenticated remote code execution. This vulnerability is critical as the service runs with root privileges. By injecting a malicious command in the Search Pattern field, an attacker can execute arbitrary commands on the target system as root.

Karaf v4.4.3 Console Remote Code Execution

The exploit allows an attacker to execute remote code on the Karaf Console. By sending a crafted request, an attacker can open a reverse shell connection, giving them unauthorized access to the system. This vulnerability has been assigned the CVE identifier CVE-2023-XXXXX.

Metabase 0.46.6 – Pre-Auth Remote Code Execution

A vulnerability in Metabase version 0.46.6 allows remote attackers to execute arbitrary code before authentication. By sending a crafted request to the '/exploitable' endpoint, an attacker can trigger the execution of malicious code on the target server. This vulnerability has been assigned CVE-2023-38646.

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

The vulnerability in Atemio AM 520 HD Full HD satellite receiver with firmware <=2.01 allows an unauthorized attacker to execute system commands with elevated privileges by utilizing the 'getcommand' query in the application, leading to root access.

DS Wireless Communication Remote Code Execution

The exploit allows injection of arbitrary code into a client's game through a crafted payload. The code author holds no liability for any damages caused by the usage of this exploit. By exploiting this vulnerability, an attacker can execute remote code on the target system.

Juniper SRX Firewalls & EX Switches Remote Code Execution (Pre-Authentication)

The exploit code serves as a vulnerability checker and proof of concept for CVE-2023-36845. It triggers the phpinfo() function on the login page of the target device, enabling inspection of the PHP configuration. The script also provides the option to save the phpinfo() output for further analysis.

Recent Exploits: