header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Remote Code Execution
No results found
SQL Injection (6841)
Buffer Overflow (3830)
Cross-Site Scripting (2498)
Denial of Service (1853)
Remote Code Execution (1494)
Cross-Site Scripting (XSS) (852)
Directory Traversal (841)
Remote File Include (787)
Remote File Inclusion (723)
Privilege Escalation (675)
Authentication Bypass (671)
Local File Inclusion (606)
Information Disclosure (483)
Remote Command Execution (459)
Arbitrary File Upload (427)
Blind SQL Injection (425)
HTML Injection (398)
Cross-Site Request Forgery (384)
Command Injection (349)
Cross-Site Request Forgery (CSRF) (331)
Stack Buffer Overflow (320)
Stack Overflow (304)
Remote SQL Injection (288)
Unquoted Service Path (264)
Memory Corruption (254)
Denial of Service (DoS) (246)
Stored XSS (246)
Local Privilege Escalation (245)
Local File Include (241)
Remote Denial of Service (229)
Use-After-Free (211)
Heap-overflow (201)
Stored Cross-Site Scripting (XSS) (197)
Persistent Cross Site Scripting (187)
Remote Code Execution (RCE) (176)
XSS (169)
Stack-Based Buffer Overflow (165)
Remote Buffer Overflow (146)
Format String Vulnerability (145)
CSRF (142)
Path Traversal (136)
Integer Overflow (135)
Arbitrary Code Execution (134)
Code Execution (134)
Remote File Disclosure (127)
Input Validation (125)
SQL Injection and Cross Site Scripting (123)
Stored Cross Site Scripting (117)
Command Execution (115)
Insecure Cookie Handling (113)
CWE
No results found
78 (572)
94 (278)
119 (117)
20 (59)
N/A (58)
Unknown (40)
502 (24)
264 (21)
89 (20)
434 (19)
79 (19)
Not provided (10)
284 (8)
Not mentioned (8)
287 (7)
77 (6)
95 (6)
22 (5)
798 (4)
352 (3)
78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (3)
120 (2)
98 (2)
Not Specified (2)
RCE-78 (2)
119 (Buffer Copy without Checking Size of Input) (1)
134 (1)
190 (1)
200 (1)
269 (1)
285 (1)
415 (1)
522 (1)
538 (1)
6.10 (1)
639 (1)
732 (1)
80 (1)
88 (1)
890 (1)
CWE-269: Improper Privilege Management (1)
Injection (1)
Integer Overflow (1)
N/A (No CWE available) (1)
Not Available (1)
RCE (1)
CPE
No results found
N/A (279)
Unknown (22)
Not mentioned (12)
Not provided (11)
o:microsoft:windows (11)
a:microsoft:internet_explorer (9)
None (6)
a:apple:quicktime (5)
a:adobe:flash_player (4)
a:codiad:codiad (4)
a:openemr:openemr (4)
a:boiteasite:cmsuno:1.6.2 (3)
a:cacti:cacti:1.2.8 (3)
a:codeastro:real_estate_management_system:1.0 (3)
a:drupal:drupal (3)
a:freepbx:freepbx (3)
a:microsoft:office (3)
a:mozilla:firefox (3)
a:petrol_pump_management_software:petrol_pump_management_software:1.0 (3)
a:phpmailer:phpmailer (3)
a:phpnuke:php-nuke (3)
a:trend_micro:internet_security_pro_2010 (3)
Not Specified (3)
2.0 (2)
2.1.6 (2)
a:3ds:catia_v5-6r2013 (2)
a:apache:solr (2)
a:apache:struts (2)
a:apache:struts:2.3.5 (2)
a:apache:tomcat (2)
a:apple:safari (2)
a:elastic:elasticsearch:8.5.3 (2)
a:flatnuke:flatnuke:2.5.5 (2)
a:foxitsoftware:foxit_reader (2)
a:gitlab:gitlab (2)
a:hewlett_packard:data_protector (2)
a:hp:openview_network_node_manager:7.53 (2)
a:hp:openview_nnm:7.53 (2)
a:jedox:jedox (2)
a:joomla:joomla (2)
a:kusaba:kusaba:1.0.4 (2)
a:microsoft:excel (2)
a:microsoft:internet_explorer:7.0.5730.13 (2)
a:microsoft:rdp (2)
a:microsoft:sharepoint_server:2019 (2)
a:moodle:moodle (2)
a:mybb:mybb (2)
a:mybb:mybb:1.2.10 (2)
a:numbas_project:numbas:7.2 (2)
a:oracle:java (2)
Vendor
No results found
Microsoft (88)
N/A (71)
Oracle (32)
Apache (30)
WordPress (19)
HP (18)
Apple (17)
Novell (17)
Unknown (16)
Sourcecodester (15)
Adobe (13)
IBM (8)
Joomla! (8)
Cisco (7)
Drupal (7)
GL-inet (7)
OpenEMR (7)
phpBB (7)
Mozilla (6)
PHP (6)
Trend Micro (6)
vBulletin (6)
Cacti (5)
CMS Made Simple (5)
Hewlett Packard (5)
ManageEngine (5)
MyBB (5)
NETGEAR (5)
PHPGurukul (5)
Codiad (4)
D-Link (4)
FreePBX (4)
GitLab (4)
Google (4)
Not mentioned (4)
PHP-Nuke (4)
PHPMailer (4)
Samsung (4)
Schneider Electric (4)
Splunk (4)
TP-Link (4)
Trixbox (4)
AAF Digital HD Forum | Atelmo GmbH (3)
Asterisk (3)
Autodesk (3)
BMC Software (3)
Boiteasite (3)
Codeastro (3)
EMC (3)
EyesOfNetwork (3)
Product Name
No results found
N/A (26)
Internet Explorer (17)
Windows (14)
GL.iNet (7)
Java (7)
Joomla (7)
OpenEMR (7)
phpBB (7)
Drupal (6)
Struts (6)
Struts2 (6)
Unknown (6)
WebLogic Server (6)
CMS Made Simple (5)
Data Protector (5)
Flash Player (5)
MyBB (5)
PHPMailer (5)
QuickTime (5)
Trixbox (5)
vBulletin (5)
Windows 10 (5)
Cacti (4)
Codiad (4)
CuteNews (4)
Excel (4)
Firefox (4)
Gitea (4)
GitLab (4)
MySQL (4)
Netware (4)
Oracle Database (4)
PHP (4)
Asterisk (3)
Atemio AM 520 HD Full HD satellite receiver (3)
CMSUno (3)
ElasticSearch (3)
Firewalls (3)
FreePBX (3)
Fuel CMS (3)
Github Enterprise (3)
Groupwise Internet Agent (3)
Internet Security Pro 2010 (3)
iOS (3)
Jenkins (3)
Moodle (3)
Numbas (3)
Office (3)
Petrol Pump Management Software (3)
PHP-Nuke (3)
Version
From
No results found
N/A (140)
Unknown (65)
3.1 (48)
1.0 (26)
1 (25)
2.0 (8)
1.0.0 (7)
2 (7)
1.1 (6)
1.2 (6)
3.0.0 (6)
Not mentioned (5)
1.0.4 (4)
1.3 (4)
1.4 (4)
2.0.0 (4)
4 (4)
5.0.0 (4)
7.53 (4)
Windows Vista (4)
0.7 (3)
1.1.0 (3)
1.2.10 (3)
1.4.2000 (3)
10.3.6.0.0 (3)
17.50.0.1366 (3)
2.0.1 (3)
2.1 (3)
2.2 (3)
2.8.0 (3)
2.8.4 (3)
3 (3)
3.216 (3)
6 (3)
8.0 (3)
8.1 (3)
All (3)
All Version (3)
Firmware <=2.01 (3)
Not provided (3)
not specified (3)
Oracle Database 10g Enterprise Edition Release 10.1.0.3.0 (3)
Struts 2.3.5 - Struts 2.3.31 (3)
Windows Server 2003 (3)
< 10 (2)
< 3.2 (2)
0.0.4 (2)
0.1.9.1b (2)
0.5.0 (2)
0.6 (2)
To
No results found
N/A (156)
Unknown (85)
1.0 (25)
3.5-RC7 (23)
1 (20)
1.2 (8)
2.0 (8)
Not mentioned (8)
1.1 (6)
not specified (6)
1.0.4 (4)
1.3 (4)
2 (4)
4 (4)
4.3.2007 (4)
7.53 (4)
None (4)
Not provided (4)
0.5.0 (3)
1.0.0 (3)
1.2.10 (3)
1.4 (3)
1.6.2 (3)
2.0.1 (3)
2.1 (3)
2.8.4 (3)
3 (3)
3.216 (3)
6.11 (3)
All (3)
All Version (3)
Struts 2.5 - Struts 2.5.10 (3)
Windows 10 (3)
0.0.4 (2)
0.1 (2)
0.1.9.1b (2)
0.6 (2)
0.7 (2)
0.8 (2)
0.9 (2)
03.01 (2)
1.0.2 (2)
1.00-06 (2)
1.1.0 (2)
1.1.2002 (2)
1.11.2 (2)
1.4.1 (2)
1.4.2000 (2)
1.4.2001 (2)
1.4.2002 (2)
Severity Type
No results found
HIGH (1175)
CRITICAL (209)
N/A (95)
MEDIUM (11)
LOW (3)
Severity Number
No results found
7.5 (435)
9 (255)
9.8 (210)
3 (134)
8 (132)
9.3 (127)
N/A (115)
7 (114)
5 (96)
8.8 (77)
Exploit Author
No results found
Unknown (60)
SecurityFocus (53)
rgod (43)
juan vazquez (34)
Kacper (a.k.a Rahim) (23)
sinn3r (22)
Anonymous (18)
LiquidWorm (15)
Francis Provencher (13)
Kingcope (11)
DarkFig (10)
Jay Turla (10)
Askar (9)
Egidio Romano aka EgiX (9)
Dawid Golunski (8)
milw0rm.com (8)
Dj7xpl (7)
EgiX (7)
Michele 'cyberaz0r' Di Bonaventura (7)
Ron Jost (Hacker5preme) (7)
Kacper Szurek (6)
mu-b (6)
N/A (6)
1F98D (5)
BlackHawk (5)
Charles "real" F. (5)
Gjoko 'LiquidWorm' Krstic (5)
Jeremy Brown (5)
Kacper (5)
Kw3[R]Ln (5)
Milad Karimi (Ex3ptionaL) (5)
Shadow Brokers (5)
agix (4)
Brendan Coles (4)
Christian Vierschilling (4)
Eduardo Braun Prado (4)
Fatih Çelik (4)
Jakub Palaczynski (4)
Mohamed Shetta (4)
mr_me (4)
Nine:Situations:Group::bruiser (4)
Nixawk (4)
Not Specified (4)
nuffsaid (4)
Özkan Mustafa Akkuş (AkkuS) (4)
Redteam Pentesting (4)
Shahin (4)
wireghoul (4)
abhishek morla (3)
Andrea "bunker" Purificato (3)
Platforms Tested
No results found
Windows (258)
Linux (211)
N/A (206)
None (78)
Mac (60)
unix (41)
PHP (24)
Windows XP SP3 (20)
Windows XP SP2 (19)
Windows 10 (18)
All (14)
Apache (13)
Windows 7 (13)
Java (12)
OSX (11)
Unknown (10)
Not mentioned (9)
Ubuntu 18.04 (9)
Windows Vista (9)
FireFox (8)
GL.iNet AR300M (7)
win (7)
Windows 2000 SP4 (7)
CentOS (6)
Ruby (6)
Ubuntu (6)
Ubuntu 16.04 (6)
Ubuntu 20.04 (6)
Debian (5)
Kali Linux 2020.2 (5)
Linux x64_x86 (5)
macOS (5)
NA (5)
Solaris (5)
Windows 10 x64 (5)
Windows 2016 (5)
Windows Server 2003 (5)
Android (4)
Mac OS X (4)
PHP 7.4.14 (4)
Python (4)
Ubuntu 20.04 LTS (4)
Windows 2003 SP2 (4)
Windows XP (4)
8.1 (3)
Apache 2.4.41 (3)
Atemio 7600 HD STB (3)
ATEMIO M46506 revision 990 (3)
CentOS 7.3 / PHP 7.1.33 (3)
Debian 9.11 (x64) (3)
Year
Year
No results found
2020 (172)
2018 (90)
2008 (88)
2019 (78)
2009 (76)
2021 (71)
Unknown (70)
2017 (68)
2013 (61)
2007 (59)
2016 (58)
2010 (57)
2006 (56)
2014 (50)
2012 (48)
2011 (46)
2005 (44)
2015 (44)
2023 (39)
2002 (20)
2022 (18)
2024 (14)
2003 (11)
2004 (11)
2001 (8)
Not mentioned (8)
Not Specified (6)
2000 (5)
Not provided (4)
[date] (1)
1998 (1)
1999 (1)
2005-2006 (1)
20090613 (1)
Before 2020 (1)
Feb 22 2013 (1)
May 10 2011 (1)
May 11 2012 (1)
May 21 2012 (1)
N/A (1)
Nov 02 2009 (1)
Oct 20 2011 (1)

Explore all Exploits:

Show More

WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution

The vulnerability in Wordpress Plugin Background Image Cropper v1.2 allows remote attackers to execute arbitrary code on the target system. By uploading a malicious PHP file, an attacker can run commands on the server remotely. This vulnerability has a CVE ID pending assignment.

6.1
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name
Wordpress Plugin Background Image Cropper
Platforms Tested
Windows 10, Firefox
Affected Version
From:
1.2
To:
1.2
2024
Show More

Nokia BMC Log Scanner Remote Code Execution

The BMC Log Scanner web application in Nokia's BMC is vulnerable to command injection attacks, which can be exploited for unauthenticated remote code execution. This vulnerability is critical as the service runs with root privileges. By injecting a malicious command in the Search Pattern field, an attacker can execute arbitrary commands on the target system as root.

6.1
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name
BMC Log Scanner
Platforms Tested
Linux
Affected Version
From:
Up to version 13
To:
Version 13
2023
Show More

Karaf v4.4.3 Console Remote Code Execution

The exploit allows an attacker to execute remote code on the Karaf Console. By sending a crafted request, an attacker can open a reverse shell connection, giving them unauthorized access to the system. This vulnerability has been assigned the CVE identifier CVE-2023-XXXXX.

8.1
CVSS
CRITICAL
Remote Code Execution
RCE-78
CWE
Product Name
Karaf
Platforms Tested
Linux
Affected Version
From:
4.4.2003
To:
4.4.2003
2023
Show More

Metabase 0.46.6 – Pre-Auth Remote Code Execution

A vulnerability in Metabase version 0.46.6 allows remote attackers to execute arbitrary code before authentication. By sending a crafted request to the '/exploitable' endpoint, an attacker can trigger the execution of malicious code on the target server. This vulnerability has been assigned CVE-2023-38646.

8.1
CVSS
CRITICAL
Remote Code Execution
94
CWE
Product Name
Metabase
Platforms Tested
Ubuntu 22.04
Affected Version
From:
0.46.6
To:
0.46.6
2023
Show More

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

The vulnerability in Atemio AM 520 HD Full HD satellite receiver with firmware <=2.01 allows an unauthorized attacker to execute system commands with elevated privileges by utilizing the 'getcommand' query in the application, leading to root access.

6.1
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name
Atemio AM 520 HD Full HD satellite receiver
Platforms Tested
GNU/Linux 2.6.32.71 (STMicroelectronics), GNU/Linux 3.14-1.17 (armv7l), GNU/Linux 3.14.2 (mips), ATEMIO M46506 revision 990, Atemio 7600 HD STB
Affected Version
From:
Firmware <=2.01
To:
Firmware <=2.01
Not specified
Show More

DS Wireless Communication Remote Code Execution

The exploit allows injection of arbitrary code into a client's game through a crafted payload. The code author holds no liability for any damages caused by the usage of this exploit. By exploiting this vulnerability, an attacker can execute remote code on the target system.

8.1
CVSS
CRITICAL
Remote Code Execution
77
CWE
Product Name
DS Wireless Communication
Platforms Tested
Wii
Affected Version
From:
Unknown
To:
Unknown
2023
Show More

Juniper SRX Firewalls & EX Switches Remote Code Execution (Pre-Authentication)

The exploit code serves as a vulnerability checker and proof of concept for CVE-2023-36845. It triggers the phpinfo() function on the login page of the target device, enabling inspection of the PHP configuration. The script also provides the option to save the phpinfo() output for further analysis.

6.1
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name
SRX Firewalls & EX Switches
Platforms Tested
JUNOS SM804122pri 15.1X49-D170.4
Affected Version
From:
Versions Prior to 20.4R3-S9,21.1R1,21.2R3-S7,21.3R3-S5,21.4R3-S5,22.1R3-S4,22.2R3-S2,22.3R2-S2/R3-S1,22.4R2-S1/R3,23.2R1-S1/R2
To:
Not provided
2023

Recent Exploits:

openSIS 9.1 – SQL Injection (Authenticated)

author
Devrim Dıragumandan (d0ub1edd)
vendor
OS4Ed
severity
6.1
HIGH

dizqueTV 1.5.3 – Remote Code Execution (RCE)

author
Ahmed Said Saud Al-Busaidi
vendor
Vexorian
severity
8.1
CRITICAL

reNgine 2.2.0 – Command Injection (Authenticated)

author
Caner Tercan
vendor
reNgine
severity
7.1
HIGH

Stored Cross-Site Scripting (XSS) in NoteMark

author
Alessio Romano (sfoffo)
vendor
Enchanted Code
severity
6.1
HIGH

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

author
Photubias
vendor
Microsoft
severity
6.1
HIGH

Invesalius 3.1 – Remote Code Execution (RCE)

author
Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
vendor
Invesalius
severity
6.1
HIGH

Stored XSS in Gitea

author
Catalin Iovita & Alexandru Postolache
vendor
Gitea
severity
6.1
HIGH

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

author
Gjoko 'LiquidWorm'
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR