The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2018-10-15	NoMachine 5.3.26 Remote Code Execution	19	REMOTE	hyp3rlinx
2018-10-11	DELL EMC OneFS Storage Administration 8.1.2.0 .zshrc Overwrite	14	REMOTE	wetw0rk
2018-10-11	Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow	7	REMOTE	t4rkd3vilz
2018-10-11	MicroTik RouterOS < 6.43rc3 - Remote Root	10	REMOTE	Jacob Baines
2018-10-09	Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow	14	REMOTE	hubertwslin
2018-10-09	Cisco Prime Infrastructure - Unauthenticated Remote Code Execution	10	REMOTE	Pedro Ribeiro
2018-10-08	Unitrends UEB HTTP API Remote Code Execution	9	REMOTE	h00die
2018-09-19	NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)	45	REMOTE	Jacob Baines
2018-09-18	CA Release Automation NiMi 6.5 - Remote Command Execution	35	REMOTE	Jakub Palaczynski
2018-09-17	Apache Syncope 2.0.7 Remote Code Execution	42	REMOTE	Che-Chun Kuo

Local Exploits

Date	Description		Plat.	Author
2018-10-18	Git Submodule Arbitrary Code Execution	3	LOCAL	joernchen
2018-10-18	Any Sound Recorder 2.93 Buffer Overflow	4	LOCAL	Abdullah Alıç
2018-10-16	Snes9K 0.0.9z - Buffer Overflow (SEH)	4	LOCAL	Abdullah Alıç
2018-10-16	Solaris RSH Stack Clash Privilege Escalation	3	LOCAL	Brendan Coles
2018-10-12	Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Inject	11	LOCAL	hyp3rlinx
2018-10-12	Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injecti	4	LOCAL	hyp3rlinx
2018-10-12	Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection	3	LOCAL	hyp3rlinx
2018-10-11	VLC Media Player 2.2.8 MKV Use-After-Free	11	LOCAL	GovTech
2018-10-10	Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)	4	LOCAL	Matteo Malvica
2018-10-09	ifwatchd Privilege Escalation	5	LOCAL	Brendan Coles

Web Applications

Date	Description		Plat.	Author
2018-10-17	Heatmiser Wifi Thermostat 1.7 - Credential Disclosure	7	WEB	d0wnp0ur
2018-10-16	Academic Timetable Final Build 7.0 - Information Disclosure	7	WEB	Ihsan Sencan
2018-10-16	FLIR Brickstream 3D+ - RTSP Stream Disclosure	3	WEB	LiquidWorm
2018-10-16	FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution	4	WEB	LiquidWorm
2018-10-15	FluxBB < 1.5.6 - SQL Injection	5	WEB	secthrowaway
2018-10-15	Phoenix Contact WebVisit 2985725 - Authentication Bypass	3	WEB	Photubias
2018-10-12	Phoenix Contact WebVisit 6.40.00 - Password Disclosure	6	WEB	Photubias
2018-10-09	Imperva SecureSphere 13 - Remote Command Execution	20	WEB	rsp3ar
2018-10-09	FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure	5	WEB	LiquidWorm
2018-10-08	Navigate CMS Unauthenticated Remote Code Execution	5	WEB	Pyriphlegethon

DoS/PoC

Date	Description		Plat.	Author
2018-10-11	FileZilla 3.33 - Buffer Overflow (PoC)	10	DOS	Kağan Çapar
2018-10-10	Microsoft Edge Chakra JIT - Type Confusion	6	DOS	Google Security Research
2018-10-10	Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass	3	DOS	Google Security Research
2018-10-09	Linux - Kernel Pointer Leak via BPF	6	DOS	Google Security Research
2018-10-09	net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)	5	DOS	Magnus Klaaborg Stubman
2018-10-08	FTP Voyager 16.2.0 - Denial of Service (PoC)	4	DOS	Abdullah Alıç
2018-09-28	AppArmor Filesystem Blacklisting Bypass	7	DOS	Google Security Research
2018-09-27	CrossFont 7.5 - Denial of Service (PoC)	7	DOS	Gionathan Reale
2018-09-27	TransMac 12.2 - Denial of Service (PoC)	10	DOS	Gionathan Reale
2018-09-26	WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIf	10	DOS	Google Security Research

Shellcode

Date	Description		Plat.	Author
2018-10-09	Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shel	11	SHELLCODE	cq674350529
2018-10-09	Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 byt	7	SHELLCODE	Kartik Durg
2018-10-08	Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 byes)	4	SHELLCODE	Pedro Cabral
2018-09-27	Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 By	13	SHELLCODE	Ken Kitahara
2018-09-25	Linux/ARM - sigaction() Based Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) S	5	SHELLCODE	Ken Kitahara
2018-09-25	Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes	8	SHELLCODE	Ken Kitahara
2018-09-21	Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)	5	SHELLCODE	Valerio Brussani
2018-09-18	Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Byt	10	SHELLCODE	Ken Kitahara
2018-09-17	Linux/x86 - echo "Hello World" + Random Bytewise XOR + Insertion Encoder Shellco	10	SHELLCODE	Ray Doyle
2018-09-17	Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic She	8	SHELLCODE	Ray Doyle

Papers

Date	Description		Plat.	Author
2018-10-09	A Red Teamer’s guide to pivoting	10	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	5	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	208	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	279	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	242	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	291	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	274	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	425	PAPERS	CWH Underground
2011-10-12	Reverse Shell Cheat Sheet	290	PAPERS	pentestmonkey
2011-10-09	Beyond SQLi: Obfuscate and Bypass	257	PAPERS	ZeQ3uL