The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2020-09-18	Microsoft SQL Server Reporting Services 2016 - Remote Code Execution	585	REMOTE	WEST SHEPHERD
2020-08-05	CompleteFTP Professional 12.1.3 - Remote Code Execution	339	REMOTE	1F98D
2020-07-06	vCloud Director 9.7.0.15498291 - Remote Code Execution	207	REMOTE	AARONSVK
2020-06-10	Microsoft Windows - 'SMBGhost' Remote Code Execution	456	REMOTE	chompie1337
2020-06-10	vCloud Director 9.7.0.15498291 - Remote Code Execution	121	REMOTE	aaronsvk
2020-02-25	Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metaspl	691	REMOTE	Matthew Aberegg
2018-12-29	Hashicorp Consul Rexec Remote Command Execution	1426	REMOTE	Quentin Kaiser
2018-12-29	Hashicorp Consul Services API Remote Command Execution	324	REMOTE	Quentin Kaiser
2018-12-25	Kubernetes - (Authenticated) Arbitrary Requests	202	REMOTE	evict
2018-12-25	Kubernetes - (Unauthenticated) Arbitrary Requests	185	REMOTE	evict

Local Exploits

Date	Description		Plat.	Author
2020-01-22	NEOWISE CARBONFTP 1.4 - Weak Password Encryption	303	LOCAL	hyp3rlinx
2020-01-20	Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)	106	LOCAL	bcoles
2019-01-03	Ayukov NFTP FTP Client 2.0 Buffer Overflow	732	LOCAL	Uday Mittal
2018-12-28	Terminal Services Manager 3.1 Local Buffer Overflow	157	LOCAL	bzyo
2018-12-28	Iperius Backup 5.8.1 Buffer Overflow	122	LOCAL	bzyo
2018-12-28	MAGIX Music Editor 3.1 Buffer Overflow	108	LOCAL	bzyo
2018-12-25	Keybase keybase-redirector - '$PATH' Local Privilege Escalation	163	LOCAL	mirchr
2018-12-24	ATool 1.0.0.22 Buffer Overflow	162	LOCAL	Aloyce J. Makalanga
2018-12-24	AnyBurn 4.3 Local Buffer Overflow	97	LOCAL	Matteo Malvica
2018-12-24	GIGABYTE Driver Privilege Escalation	161	LOCAL	SecureAuth

Web Applications

Date	Description		Plat.	Author
2020-01-22	Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)	426	WEB	TheCyberGeek
2019-01-04	Apache CouchDB 2.3.0 Cross Site Request Forgery	826	WEB	Ozer Goker
2019-01-03	Vtiger CRM 7.1.0 Remote Code Execution	375	WEB	Ozkan Mustafa Akkus
2018-12-25	phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read	830	WEB	VulnSpy
2018-12-17	Huawei Router HG532e Command Execution	397	WEB	Rebellion
2018-12-12	ThinkPHP 5.x Remote Code Execution	1053	WEB	VulnSpy
2018-12-12	WordPress Snap Creek Duplicator Code Injection	380	WEB	Julien Legras
2018-12-12	PrestaShop 1.6.x / 1.7.x Remote Code Execution	217	WEB	farisv
2018-12-10	i-doit CMDB 1.11.2 - Remote Code Execution	176	WEB	AkkuS
2018-12-06	HasanMWB 1.0 SQL Injection	241	WEB	Ihsan Sencan

DoS/PoC

Date	Description		Plat.	Author
2020-01-22	Sysax Multi Server 5.50 - Denial of Service (PoC)	213	DOS	Shailesh Kumavat
2019-01-03	EZ CD Audio Converter 8.0.7 Denial Of Service	268	DOS	Achilles
2019-01-03	NetworkSleuth 3.0.0.0 Denial Of Service	179	DOS	Luis Martinez
2019-01-03	NBMonitor Network Bandwidth Monitor 1.6.5.0 Denial Of Service	197	DOS	Luis Martinez
2018-12-29	WebKit JSC AbstractValue::set Use-After-Free	136	DOS	lokihardt
2018-12-29	WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write	127	DOS	lokihardt
2018-12-28	Armitage 1.14.11 Denial Of Service	96	DOS	Mr Winst0n
2018-12-28	NetShareWatcher 1.5.8 Denial Of Service	88	DOS	T3jv1l
2018-12-28	ShareAlarmPro 2.1.4 Denial Of Service	97	DOS	T3jv1l
2018-12-28	Product Key Explorer 4.0.9 Denial Of Service	119	DOS	T3jv1l

Shellcode

Date	Description		Plat.	Author
2018-12-25	Linux/x86 - Kill All Processes Shellcode (14 bytes)	735	SHELLCODE	strider
2018-12-20	Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)	202	SHELLCODE	Kağan Çapar
2018-12-12	Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95	247	SHELLCODE	T3jv1l
2018-12-05	Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)	196	SHELLCODE	Kağan Çapar
2018-12-05	Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)	153	SHELLCODE	Nelis
2018-11-14	Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shel	383	SHELLCODE	Javier Tello
2018-11-01	Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)	302	SHELLCODE	Roziul Hasan Khan Shifat
2018-10-25	Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes	174	SHELLCODE	Goutham Madhwaraj
2018-10-09	Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shel	179	SHELLCODE	cq674350529
2018-10-09	Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 byt	153	SHELLCODE	Kartik Durg

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	273	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	162	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	136	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	119	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	915	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	614	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	700	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	462	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	427	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	627	PAPERS	CWH Underground