The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2018-04-19	Easy File Sharing Web Server 7.2 - Stack Buffer Overflow	19	REMOTE	rebeyond
2018-04-19	Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Meta	7	REMOTE	José Ignacio Rojo
2018-04-13	F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure	25	REMOTE	0x00string
2018-04-08	Adobe Flash 28.0.0.137 Remote Code Execution	44	REMOTE	SyFi
2018-04-04	Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection	24	REMOTE	Talos
2018-04-03	Nginx 1.13.10 Accept-Encoding Line Feed Injection	71	REMOTE	Keiliikoa Kirland
2018-04-02	Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Bu	20	REMOTE	Chris Lyne
2018-03-30	ManageEngine Application Manager Remote Code Execution	35	REMOTE	Mehmet Ince
2018-03-30	Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)	23	REMOTE	Daniel Teixeira
2018-03-30	GitStack - Unsanitized Argument Remote Code Execution (Metasploit)	18	REMOTE	Jacob Robles

Local Exploits

Date	Description		Plat.	Author
2018-04-19	AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution	4	LOCAL	Securifera
2018-04-19	Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service	3	LOCAL	Sahil Tikoo
2018-04-19	Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service	2	LOCAL	Sahil Tikoo
2018-04-19	CloudMe Sync 1.11.0 Local Buffer Overflow	2	LOCAL	Prasenjit Kanti Paul
2018-04-19	Zortam MP3 Media Studio 23.45 Buffer Overflow	2	LOCAL	Kevin McGuigan
2018-04-19	Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privile	3	LOCAL	xiaodaozhi
2018-04-19	Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017)	5	LOCAL	xiaodaozhi
2018-04-19	Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039)	5	LOCAL	xiaodaozhi
2018-04-16	GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation	5	LOCAL	Pirhack
2018-04-12	SysGauge Pro 4.6.12 Local Buffer Overflow	5	LOCAL	Hashim Jawad

Web Applications

Date	Description		Plat.	Author
2018-04-19	Lutron Quantum 2.0 - 3.2.243 - Information Disclosure	5	WEB	SadFud
2018-04-16	MikroTik 6.41.4 - FTP daemon Denial of Service PoC	3	WEB	FarazPajohan
2018-04-16	Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execut	12	WEB	Hans Topo
2018-04-16	Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execut	7	WEB	Vitalii Rudnykh
2018-04-10	CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Executi	11	WEB	RedTeam Pentesting
2018-04-04	ProcessMaker Plugin Code Execution	22	WEB	Brendan Coles
2018-04-04	DuckDuckGo 4.2.0 WebRTC Private IP Leakage	19	WEB	Brendan Coles
2018-04-02	Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)	29	WEB	Touhid M.Shaikh
2018-04-02	osCommerce 2.3.4.1 - Remote Code Execution	20	WEB	Simon Scannell
2018-04-02	Homematic CCU2 2.29.23 - Remote Command Execution	21	WEB	Gregor Kopf

DoS/PoC

Date	Description		Plat.	Author
2018-04-19	VX Search 10.6.18 - 'directory' Local Buffer Overflow	2	DOS	Kevin McGuigan
2018-04-19	Facebook Graph Groups Crosswalk User Metadata Mapping Weakness	1	DOS	Todor Donev
2018-04-19	Facebook Graph Phone Number Metadata Crosswalk Mapping Proof Of Concept	1	DOS	Todor Donev
2018-04-19	Facebook Graph Metadata Crosswalk Mapping Proof Of Concept	1	DOS	Todor Donev
2018-04-17	Barco ClickShare CSE-200 - Remote Denial of Service	4	DOS	Florian Hauser
2018-04-11	Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Conf	6	DOS	Google Security Research
2018-04-10	CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure	6	DOS	RedTeam Pentesting
2018-04-08	Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods	10	DOS	Google Security Research
2018-04-04	Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2)	18	DOS	Google Security Research
2018-04-04	Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix)	19	DOS	Google Security Research

Shellcode

Date	Description		Plat.	Author
2018-04-12	Linux/x64 - x64 Assembly Shellcode (Generator)	11	SHELLCODE	0x4ndr3
2018-03-26	Linux/x86 - EggHunter Shellcode (11 Bytes)	24	SHELLCODE	Anurag Srivastava
2018-03-21	Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)	29	SHELLCODE	Anurag Srivastava
2018-02-26	Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190)	68	SHELLCODE	rtmcx
2018-02-05	Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode	69	SHELLCODE	0x4ndr3
2018-02-05	Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Genera	64	SHELLCODE	0x4ndr3
2018-02-05	Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode	66	SHELLCODE	0x4ndr3
2018-02-05	Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)	59	SHELLCODE	0x4ndr3
2018-02-05	Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567	68	SHELLCODE	0x4ndr3
2018-02-05	Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (	73	SHELLCODE	0x4ndr3

Papers

Date	Description		Plat.	Author
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	109	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	154	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	146	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	221	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	234	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	348	PAPERS	CWH Underground
2011-10-12	Reverse Shell Cheat Sheet	238	PAPERS	pentestmonkey
2011-10-09	Beyond SQLi: Obfuscate and Bypass	205	PAPERS	ZeQ3uL
2011-06-02	Local File Inclusion to Remote Command Execution using SSH	306	PAPERS	LaNMaSteR53
2011-04-27	offsec官方渗透测试报告	683	PAPERS	admin