header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Vulnerability Type
No results found
SQL Injection (6841)
Buffer Overflow (3830)
Cross-Site Scripting (2498)
Denial of Service (1853)
Remote Code Execution (1494)
Cross-Site Scripting (XSS) (852)
Directory Traversal (841)
Remote File Include (787)
Remote File Inclusion (723)
Privilege Escalation (675)
Authentication Bypass (671)
Local File Inclusion (606)
Information Disclosure (483)
Remote Command Execution (459)
Arbitrary File Upload (427)
Blind SQL Injection (425)
HTML Injection (398)
Cross-Site Request Forgery (384)
Command Injection (349)
Cross-Site Request Forgery (CSRF) (331)
Stack Buffer Overflow (320)
Stack Overflow (304)
Remote SQL Injection (288)
Unquoted Service Path (264)
Memory Corruption (254)
Denial of Service (DoS) (246)
Stored XSS (246)
Local Privilege Escalation (245)
Local File Include (241)
Remote Denial of Service (229)
Use-After-Free (211)
Heap-overflow (201)
Stored Cross-Site Scripting (XSS) (197)
Persistent Cross Site Scripting (187)
Remote Code Execution (RCE) (176)
XSS (169)
Stack-Based Buffer Overflow (165)
Remote Buffer Overflow (146)
Format String Vulnerability (145)
CSRF (142)
Path Traversal (136)
Integer Overflow (135)
Arbitrary Code Execution (134)
Code Execution (134)
Remote File Disclosure (127)
Input Validation (125)
SQL Injection and Cross Site Scripting (123)
Stored Cross Site Scripting (117)
Command Execution (115)
Insecure Cookie Handling (113)
CWE
No results found
89 (8351)
79 (5937)
119 (4722)
78 (2037)
22 (1944)
98 (1882)
N/A (1389)
200 (1304)
400 (1281)
264 (1205)
287 (1099)
352 (1097)
120 (1032)
94 (1031)
20 (1026)
Unknown (897)
434 (850)
269 (267)
416 (254)
284 (219)
121 (196)
134 (187)
190 (149)
399 (138)
611 (120)
426 (115)
476 (110)
Buffer Overflow (110)
120 (Buffer Copy without Checking Size of Input) (104)
362 (95)
125 (92)
601 (87)
428 (86)
843 (86)
502 (85)
787 (84)
798 (79)
122 (77)
427 (73)
Not mentioned (70)
522 (65)
Not provided (59)
80 (55)
259 (54)
918 (44)
113 (40)
285 (40)
613 (39)
614 (37)
None (35)
CPE
No results found
N/A (12110)
Unknown (758)
None (168)
Not mentioned (160)
a:microsoft:internet_explorer (139)
o:microsoft:windows (132)
Not provided (121)
o:linux:linux_kernel (97)
Not Specified (90)
a:joomla:joomla (72)
Not Available (52)
a:wordpress:wordpress (49)
o:apple:mac_os_x (47)
o:freebsd:freebsd (44)
o:microsoft:windows_xp (37)
a:mozilla:firefox (35)
a:php:php (34)
o:microsoft:windows_2000 (34)
a:google:chrome (31)
o:sun:solaris (27)
o:microsoft:windows_2000::sp4 (25)
a:microsoft:iis (23)
a:wireshark:wireshark (23)
a:adobe:flash_player (22)
a:apple:safari (22)
o:microsoft:windows_7 (22)
a:apache:tomcat (21)
o:microsoft:windows_xp::sp2 (18)
a:invision_power_services:invision_power_board (16)
o:microsoft:windows_xp::sp3 (16)
o:sgi:irix (16)
a:apple:quicktime (15)
a:samba:samba (15)
a:mybb:mybb (14)
a:mysql:mysql (14)
a:phpnuke:php-nuke (14)
a:videolan:vlc_media_player (14)
a:cpanel:cpanel (13)
a:microsoft:windows_media_player (13)
a:openemr:openemr (13)
a:opera_software:opera (13)
Solaris (13)
2.0 (12)
a:freepbx:freepbx (12)
a:oracle:virtualbox (12)
a:php:php:5.0.0 (12)
apple:safari (12)
o:cisco:ios (12)
o:google:android (12)
o:hp:hp-ux (12)
Vendor
No results found
N/A (3323)
Microsoft (1764)
WordPress (672)
Unknown (576)
Joomla! (539)
Apple (448)
Sourcecodester (363)
Oracle (319)
IBM (254)
Adobe (242)
Apache (242)
Linux (228)
Cisco (194)
HP (178)
PHP (170)
Mozilla (164)
Google (163)
Sun (141)
D-Link (140)
Novell (125)
Inc (107)
PHPGurukul (106)
Symantec (100)
PHP-Nuke (92)
ManageEngine (91)
Codecanyon (88)
XOOPS (87)
GNU (84)
Ltd. (84)
MyBB (83)
PHP Script Small (83)
phpBB (79)
SAP (76)
FreeBSD (73)
Sun Microsystems (69)
NETGEAR (68)
Not mentioned (68)
SourceForge (67)
vBulletin (64)
Hewlett Packard (61)
TP-Link (60)
Trend Micro (60)
Wireshark (58)
McAfee (57)
Mambo (56)
IPSwitch (54)
Itechscripts (53)
VMware (52)
VideoLAN (51)
e107 (50)
Product Name
No results found
N/A (695)
Internet Explorer (307)
Windows (303)
Linux Kernel (183)
PHP (172)
Unknown (140)
Firefox (115)
Solaris (113)
Joomla (107)
Mac OS X (96)
Flash Player (90)
Windows XP (88)
WordPress (87)
CMS (71)
Safari (65)
Chrome (62)
FreeBSD (57)
vBulletin (57)
Windows 7 (57)
Wireshark (55)
Kernel (54)
PHP-Nuke (54)
MySQL (52)
phpBB (51)
VLC media player (50)
Windows 2000 (50)
Windows 10 (49)
MyBB (48)
IIS (46)
Winamp (45)
AIX (44)
iOS (43)
macOS (40)
Android (38)
Opera (38)
Oracle Database (38)
Tomcat (38)
Windows Media Player (38)
Invision Power Board (37)
Samba (37)
Irix (35)
PHP-Fusion (35)
Linux (33)
phpMyAdmin (33)
osCommerce (32)
RealPlayer (32)
Apache HTTP Server (31)
ProFTPD (31)
Chromium (30)
OpenEMR (30)
Version
From
No results found
N/A (6626)
Unknown (1792)
1 (961)
1.0 (901)
3.1 (726)
1.1 (323)
2 (285)
All versions (234)
1.2 (223)
2.0 (221)
2.1 (175)
3 (157)
1.5 (150)
1.3 (146)
1.0.0 (142)
2.2 (140)
All (119)
1.0.1 (106)
1.4 (100)
v1.0 (98)
0.1 (95)
3.0 (95)
2.5 (94)
4 (90)
1.0.2 (84)
not specified (82)
2.3 (81)
1.6 (74)
Not mentioned (73)
< 3.2 (70)
2.0.0 (70)
6 (68)
5 (64)
1.0.3 (62)
1.7 (61)
3.3 (59)
2.0.1 (57)
2.4 (57)
Windows 7 (57)
1.8 (53)
3.5 (51)
Windows 2000 (51)
0.2 (50)
3.0.0 (48)
Not provided (48)
2.6 (46)
1.0.4 (45)
2.0.2 (45)
4.0 (45)
4.2 (45)
To
No results found
N/A (7012)
Unknown (2684)
1.0 (858)
1 (796)
3.5-RC7 (386)
1.1 (310)
2 (250)
1.2 (247)
2.0 (229)
All versions (221)
2.1 (153)
Not mentioned (153)
3 (152)
1.5 (142)
1.3 (131)
2.2 (129)
not specified (127)
All (118)
Other versions may also be affected. (114)
1.0.0 (111)
1.0.1 (97)
v1.0 (95)
1.0.2 (92)
2.5 (91)
3.0 (91)
1.4 (89)
3.1 (89)
0.1 (83)
Prior versions (79)
Not provided (78)
4 (77)
2.3 (75)
1.6 (72)
5 (66)
1.7 (63)
3.2 (63)
1.0.3 (61)
6 (59)
3.3 (57)
2.4 (56)
Windows 10 (55)
1.8 (54)
2.0.1 (54)
3.5 (49)
None (48)
2.0.2 (47)
2.6 (46)
4.0 (45)
4.2 (45)
0.2 (43)
Severity Type
No results found
HIGH (33263)
MEDIUM (4679)
N/A (2324)
CRITICAL (1705)
LOW (287)
Severity Number
No results found
7.5 (16267)
7 (7608)
5 (6608)
8 (3345)
N/A (2741)
9 (2195)
8.8 (1966)
5.5 (1836)
3 (1433)
9.8 (995)
Exploit Author
No results found
SecurityFocus (6696)
Unknown (2432)
Ihsan Sencan (887)
Gjoko 'LiquidWorm' Krstic (361)
Anonymous (353)
Project Zero (308)
milw0rm.com (271)
juan vazquez (245)
rgod (243)
LiquidWorm (222)
MC (202)
ajann (187)
Luigi Auriemma (187)
N/A (187)
Google Security Research (183)
indoushka (182)
shinnai (162)
sinn3r (154)
hdm (138)
John Page (aka hyp3rlinx) (131)
jduck (121)
cr4wl3r (113)
Hussin X (113)
Not mentioned (111)
Vulnerability Laboratory Research Team (108)
ZoRLu (99)
Kacper (a.k.a Rahim) (92)
nu11secur1ty (91)
mr_me (90)
Easy Laster (89)
CWH Underground (88)
S@BUN (84)
SirGod (83)
Ahmet Ümit BAYRAM (80)
High-Tech Bridge Security Research Lab (80)
xoron (80)
Dr_IDE (78)
Sid3^effects aKa haRi (78)
Todor Donev (75)
hyp3rlinx (74)
Stack (73)
Francis Provencher (71)
High-Tech Bridge SA - Ethical Hacking & Penetration Testing (70)
Ismail Tasdelen (70)
AntiSecurity (69)
His0k4 (68)
Kingcope (65)
ThE g0bL!N (65)
Not Specified (64)
Miroslav Stampar (61)
Platforms Tested
No results found
N/A (12658)
Windows (4998)
Linux (3440)
None (1839)
Mac (981)
Unknown (939)
Windows XP SP3 (683)
WiN7_x64/KaLiLinuX_x64 (546)
Windows 10 (529)
unix (487)
Windows 7 (410)
Kali Linux (332)
PHP (305)
Kali linux X64 (296)
Win7 x64 (276)
Windows XP SP2 (267)
Windows XP (233)
WordPress (196)
iOS (151)
All (142)
Not mentioned (132)
macOS (126)
Ubuntu (120)
Microsoft Windows (117)
Not Specified (106)
Solaris (105)
Apache (99)
Windows 7 x64 (98)
Android (96)
Xampp (91)
FreeBSD (90)
Windows 10 Pro x64 es (80)
Mac OS X (78)
Windows 2000 (77)
Windows 10 x64 (73)
Ubuntu 18.04 (72)
Windows 7 SP1 (70)
Windows Vista (70)
Not provided (69)
Windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) (68)
Windows 7 x86 (67)
Windows XP SP3 EN (62)
Kali Linux 2.0 (59)
Windows 10 Pro (59)
Windows XP Professional SP2 (59)
Debian (55)
Linux & Windows (55)
Windows XP Professional SP2 with Internet Explorer 7 (53)
Java (51)
Microsoft Windows XP Professional SP3 (EN) (50)
Year
Year
No results found
2008 (3443)
2009 (3242)
2020 (2781)
Unknown (2618)
2010 (2541)
2002 (2329)
2006 (2050)
2012 (1810)
2005 (1774)
2018 (1744)
2017 (1739)
2007 (1560)
2011 (1328)
2013 (1295)
2019 (1295)
2016 (1130)
2015 (1109)
2021 (1104)
2014 (995)
2023 (733)
2004 (529)
2022 (474)
2001 (444)
2003 (387)
2000 (238)
N/A (178)
2024 (155)
Not mentioned (138)
1999 (136)
Not provided (89)
Not Specified (89)
1998 (72)
1997 (48)
1996 (16)
Not available (9)
HIGH (6)
None (6)
[date] (4)
2005-2006 (4)
0day (3)
1994 (3)
Discovered in 2020 (3)
Found in 2020 (3)
MEDIUM (3)
TBD (3)
1988 (2)
2003-2004 (2)
2004-2019 (2)
2006-2007 (2)
2009/2010 (2)

Explore all Exploits:

Show More

HostAdmin Remote File Inclusion Exploit

HostAdmin is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name
HostAdmin
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2005
Show More

HTML::BBCode HTML-injection Vulnerability

HTML::BBCode is prone to an HTML-injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected site, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

7.5
CVSS
HIGH
HTML-injection
79
CWE
Product Name
HTML::BBCode
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2005
Show More

MyBB Multiple SQL Injection Vulnerabilities

MyBB is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication and gain administrative access to a site, modify data, or exploit vulnerabilities in the underlying database implementation. Other attacks may also be possible.

7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name
MyBB
Platforms Tested
N/A
Affected Version
From:
1.0.3
To:
1.0.3
2005
Show More

SAP Business Connector Input Validation Vulnerability

SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. This issue allows remote attackers to execute phishing-style attacks against targeted SAP Business Connector administrators.

4.3
CVSS
MEDIUM
Input Validation
20
CWE
Product Name
Business Connector
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2005
Show More

SAP Business Connector File Access/Deletion Vulnerability

SAP Business Connector is prone to a file-access/deletion vulnerability. This issue arises due to an access-validation error. A successful attack will result in the disclosure of sensitive or privileged information. An attacker may also delete arbitrary files. This often occurs with superuser privileges, since the package is often run with elevated privileges to gain access to TCP ports lower than 1024.

7.5
CVSS
HIGH
File Access/Deletion
264
CWE
Product Name
Business Connector
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2005
Show More

My Blog HTML-injection Vulnerability

My Blog is prone to an HTML-injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected site, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

8.8
CVSS
HIGH
HTML-injection
79
CWE
Product Name
My Blog
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2005
Show More

Mantis Multiple Input-Validation Vulnerabilities

Mantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

8.8
CVSS
HIGH
Cross-site Scripting and SQL-Injection
79, 89
CWE
Product Name
Mantis
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2005
Show More

RunCMS SQL Injection Vulnerability

RunCMS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name
RunCMS
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2005
Show More

Dotproject Multiple Remote File-Include Vulnerabilities

Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. These may facilitate a compromise of the application and the underlying system; other attacks are also possible.

7.5
CVSS
HIGH
Remote File-Include
94
CWE
Product Name
Dotproject
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2005

Recent Exploits:

openSIS 9.1 – SQL Injection (Authenticated)

author
Devrim Dıragumandan (d0ub1edd)
vendor
OS4Ed
severity
6.1
HIGH

dizqueTV 1.5.3 – Remote Code Execution (RCE)

author
Ahmed Said Saud Al-Busaidi
vendor
Vexorian
severity
8.1
CRITICAL

reNgine 2.2.0 – Command Injection (Authenticated)

author
Caner Tercan
vendor
reNgine
severity
7.1
HIGH

Stored Cross-Site Scripting (XSS) in NoteMark

author
Alessio Romano (sfoffo)
vendor
Enchanted Code
severity
6.1
HIGH

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

author
Photubias
vendor
Microsoft
severity
6.1
HIGH

Invesalius 3.1 – Remote Code Execution (RCE)

author
Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
vendor
Invesalius
severity
6.1
HIGH

Stored XSS in Gitea

author
Catalin Iovita & Alexandru Postolache
vendor
Gitea
severity
6.1
HIGH

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

author
Gjoko 'LiquidWorm'
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR

cqrsecured