Exploit - 2023
DATE | NAME | CATEGORY | PLATFORM
6.9.23
3.5.2023
GLPI 9.5.7 - Username Enumeration
WebApps
PHP
Companymaps v8.0 - Stored Cross Site Scripting (XSS)
PHPJabbers Simple CMS 5.0 - SQL Injection
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
FS-S3900-24T4S - Privilege Escalation
Local
Hardware
OpenEMR v7.0.1 - Authentication credentials brute force
Advanced Host Monitor v12.56 - Unquoted Service Path
Windows
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
SoftExpert (SE) Suite v2.1.3 - Local File Inclusion
Serendipity 2.4.0 - File Inclusion RCE
admidio v4.2.5 - CSV Injection
revive-adserver v5.4.1 - Cross-Site Scripting (XSS)
projectSend r1605 - Private file download
phpMyFAQ v3.1.12 - CSV Injection
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
1.5.2023
ChurchCRM v4.5.1 - Authenticated SQL Injection
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
Wondershare Filmora 12.2.9.2233 - Unquoted Service Path
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path
Mars Stealer 8.3 - Admin Account Takeover
PaperCut NG/MG 22.0.4 - Authentication Bypass
Multiple
OCS Inventory NG 2.3.0.0 - Unquoted Service Path
KodExplorer 4.49 - CSRF to Arbitrary File Upload
16.4.23
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation
Remote
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal
ASP
Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)
macOS
Bludit 4.0.0-rc-2 - Account takeover
11.4.23
6.4.23
craftercms 4.x.x - CORS
Purchase Order Management-1.0 - Local File Inclusion
WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE
HospitalRun 1.0.0-beta - Local Root Exploit for macOS
Unified Remote 3.13.0 - Remote Code Execution (RCE)
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
CGI
Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection
Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit
Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS
Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection
Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection
Osprey Pump Controller 1.0.1 - Administrator Backdoor Access
Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure
Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack
ChurchCRM v4.5.3-121fcc1 - SQL Injection
flatnux 2021-03.25 - Remote Code Execution (Authenticated)
ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access
pdfkit v0.8.7.2 - Command Injection
Ruby
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
Music Gallery Site v1.0 - SQL Injection on page Master.php
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php
Music Gallery Site v1.0 - Broken Access Control
Music Gallery Site v1.0 - SQL Injection on music_list.php
Employee Task Management System v1.0 - SQL Injection on edit-task.php
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
Employee Task Management System v1.0 - Broken Authentication
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
Auto Dealer Management System v1.0 - SQL Injection
Auto Dealer Management System 1.0 - Broken Access Control Exploit
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
Best pos Management System v1.0 - SQL Injection
Kimai 1.30.10 - SameSite Cookie Vulnerability (Session Hijacking)
POLR URL 2.3.0 - Shortener Admin Takeover
modoboa 2.0.4 - Admin TakeOver
Python
LDAP Tool Box Self Service Password v1.5.2 - Account takeover
Intern Record System v1.0 - SQL Injection (Unauthenticated)
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
Art Gallery Management System Project in PHP v 1.0 - SQL injection
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
Dompdf 1.2.1 - Remote Code Execution (RCE)
Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)
TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)
FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking
EasyNas 1.1.0 - OS Command Injection
Perl
XWorm Trojan 2.1 - Null Pointer Dereference DoS
DoS
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
Apache Tomcat 10.1 - Denial Of Service
ImageMagick 7.1.0-49 - Arbitrary File Read
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow
Answerdev 1.0.3 - Account Takeover
Go
ImageMagick 7.1.0-49 - DoS
ERPNext 12.29 - Cross-Site Scripting (XSS)
Java
BTCPay Server v1.7.4 - HTML Injection
itech TrainSmart r1044 - SQL injection
GNU screen v4.9.0 - Privilege Escalation
Linux
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
Binwalk v2.3.2 - Remote Command Execution (RCE)
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
Liferay Portal 6.2.5 - Insecure Permissions
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
zstore 6.6.0 - Cross-Site Scripting (XSS)
Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)
projectSend r1605 - Remote Code Execution (RCE)
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
PhotoShow 3.0 - Remote Code Execution
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
Roxy WI v6.1.0.0 - Improper Authentication Control
sleuthkit 4.11.1 - Command Injection
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow
ManageEngine AMP 4.3.0 - File Path Traversal
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
ERPGo SaaS 3.9 - CSV Injection
AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated
Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)
Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path
SLIMSV 9.5.2 - Cross-Site Scripting (XSS)
Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path
Solaris 10 libXm - Buffer Overflow Local Privilege Escalation
Solaris
Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)
HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path
Nacos 2.0.3 - Access Control vulnerability
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Windows 11 10.0.22000 - Backup service Privilege Escalation
ChiKoi v1.0 - SQL Injection
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute
2.4.23
ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)
ASPX
NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)
Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
Apache 2.4.x - Buffer Overflow
TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion
Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
SugarCRM 12.2.0 - Remote Code Execution (RCE)
perfSONAR v4.4.5 - Partial Blind CSRF
XCMS v1.83 - Remote Command Execution (RCE)
AD Manager Plus 7122 - Remote Code Execution (RCE)
Splashtop 8.71.12001.0 - Unquoted Service Path
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
Enlightenment v0.25.3 - Privilege escalation
GeoVision Camera GV-ADR2701 - Authentication Bypass
Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)
Bangresto 1.0 - SQL Injection
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service (DoS)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass (IDOR)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery
SOUND4 Server Service 4.1.102 - Local Privilege Escalation
Cacti v1.2.22 - Remote Command Execution (RCE)
Judging Management System v1.0 - Authentication Bypass
Judging Management System v1.0 - Remote Code Execution (RCE)
rconfig 3.9.7 - SQL Injection (Authenticated)
Spitfire CMS 1.0.475 - PHP Object Injection
Senayan Library Management System v9.0.0 - SQL Injection
Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)
CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path
qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)
WooCommerce v7.1.0 - Remote Code Execution(RCE)
ASKEY RTF3505VW-N1 - Privilege Escalation
EQ Enterprise management system v2.2.0 - SQL Injection
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
WPForms 1.7.8 - Cross-Site Scripting (XSS)
Zillya Total Security 3.0.2367.0 - Local Privilege Escalation
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
4images 1.9 - Remote Command Execution (RCE)
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
Concrete5 CME v9.1.3 - XPath Injection
Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
Virtual Reception v1.0 - Web Server Directory Traversal
Covenant v0.5 - Remote Code Execution (RCE)
Ecommerse v1.0 - Cross-Site Scripting (XSS)
Boa Web Server v0.94.14 - Authentication Bypass
Router ZTE-H108NS - Authentication Bypass
Router ZTE-H108NS - Stack Buffer Overflow (DoS)
myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)
ClicShopping v3.402 - Cross-Site Scripting (XSS)
Dreamer CMS v4.0.0 - SQL Injection
Revenue Collection System v1.0 - Remote Code Execution (RCE)
Helmet Store Showroom v1.0 - SQL Injection
Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure
Outline V1.6.0 - Unquoted Service Path
Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)
Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow
Human Resource Management System 1.0 - SQL Injection (unauthenticated)
Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
Senayan Library Management System v9.5.0 - SQL Injection
iBooking v1.0.8 - Arbitrary File Upload
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
Hashicorp Consul v1.0 - Remote Command Execution (RCE)
Social-Share-Buttons v2.2.3 - SQL Injection
Moodle LMS 4.0 - Cross-Site Scripting (XSS)
Tunnel Interface Driver - Denial of Service
OPSWAT Metadefender Core - Privilege Escalation
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
JSP
X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)
Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)
BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
SugarSync 4.1.3 - 'SugarSync Service' Unquoted Service Path
HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path
Jetpack 11.4 - Cross Site Scripting (XSS)
Online shopping system advanced 1.0 - Multiple Vulnerabilities
SuperMailer v11.20 - Buffer overflow DoS
YouPHPTube<= 7.8 - Multiple Vulnerabilities
VMware Workstation 15 Pro - Denial of Service
Pega Platform 8.1.0 - Remote Code Execution (RCE)
Beauty-salon v1.0 - Remote Code Execution (RCE)
MiniDVBLinux 5.4 - Arbitrary File Read
MiniDVBLinux 5.4 - Remote Root Command Injection
MiniDVBLinux 5.4 - Unauthenticated Stream Disclosure
MiniDVBLinux 5.4 - Change Root Password
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution (RCE)
FortiOS, FortiProxy, FortiSwitchManager v7.2.1 - Authentication Bypass
MiniDVBLinux <=5.4 - Config Download Exploit
AVS Audio Converter 10.3 - Stack Overflow (SEH)
WebTareas 2.4 - RCE (Authorized)
WebTareas 2.4 - Reflected XSS (Unauthorised)
WebTareas 2.4 - SQL Injection (Unauthorised)
Atom CMS v2.0 - SQL Injection (no auth)
Aero CMS v0.0.1 - PHP Code Injection (auth)
Aero CMS v0.0.1 - SQL Injection (no auth)
Desktop Central 9.1.0 - Multiple Vulnerabilities
Scdbg 1.0 - Buffer overflow DoS
Hex Workshop v6.7 - Buffer overflow DoS
Resource Hacker v3.6.0.92 - Buffer overflow
Frhed (Free hex editor) v1.6.0 - Buffer overflow
Explorer32++ v1.3.5.531 - Buffer overflow
Tftpd32_SE 4.60 - 'Tftpd32_svc' Unquoted Service Path
WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)
Grafana <=6.2.4 - HTML Injection
TypeScript
WiFi Mouse 1.8.3.2 - Remote Code Execution (RCE)
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)
Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)
FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)
Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)
Gestionale Open 12.00.00 - 'DB_GO_80' Unquoted Service Path
Mediconta 3.7.27 - 'servermedicontservice' Unquoted Service Path
Canteen-Management v1.0 - SQL Injection
Canteen-Management v1.0 - XSS-Reflected
25.3.23
PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
Abantecart v1.3.2 - Authenticated Remote Code Execution
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
ImpressCMS v1.4.3 - Authenticated SQL Injection
Password Manager for IIS v2.0 - XSS
Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)
DLink DIR 819 A1 - Denial of Service
GuppY CMS v6.00.10 - Remote Code Execution
NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle
Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal
Employee Performance Evaluation System v1.0 - File Inclusion and RCE
Yoga Class Registration System v1.0 - Multiple SQLi
Human Resources Management System v1.0 - Multiple SQLi
D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution
Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)
System Mechanic v15.5.0.61 - Arbitrary Read/Write
Translatepress Multilingual WordPress plugin < 2.3.3 - Authenticated SQL Injection
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
"camp" Raspberry Pi camera server 1.0 - Authentication Bypass
24.3.23
Bitbucket v7.0.0 - RCE
wkhtmltopdf 0.12.6 - Server Side Request Forgery
WorkOrder CMS 0.1.0 - SQL Injection
MAN-EAM-0003 V3.2.4 - XXE
Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities
23.3.23
Linksys AX3200 V1.1.00 - Command Injection
SoX 14.4.2 - Denial Of Service
VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities
28.2.23
EXFILTRATOR-22
RIG Exploit Kit In-Depth Analysis
4.2.23
SH1MMER