Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2017-10-16   Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit) 9 REMOTE wetw0rk
2017-10-13   Sync Breeze Enterprise 10.1.16 SEH Overflow 15 REMOTE wetw0rk
2017-10-12   VX Search Enterprise 10.1.12 - Buffer Overflow 8 REMOTE Revnic Vasile
2017-10-11   Trend Micro OfficeScan Remote Code Execution 13 REMOTE Mehmet Ince
2017-10-10   Unitrends UEB 9.1 bpserverd Remote Command Execution 12 REMOTE Jared Arave
2017-10-10   Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution 4 REMOTE Jared Arave
2017-10-10   OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit) 7 REMOTE ricardojba1
2017-10-10   Rancher Server - Docker Daemon Code Execution (Metasploit) 4 REMOTE Martin Pizala
2017-10-10   Qmail SMTP - Bash Environment Variable Injection (Metasploit) 7 REMOTE Mario Ledo
2017-10-10   Sync Breeze Enterprise 10.0.28 - Buffer Overflow 2 REMOTE Owais Mehtab

Local Exploits

Date D   Description Plat. Author
2017-10-13   Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS 8 LOCAL Ernesto Fernandez
2017-10-12   ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow 4 LOCAL Parichay Rai
2017-10-11   ASX To MP3 Converter Stack Overflow 5 LOCAL Nitesh Shilpkar
2017-10-10   Unitrends UEB 9.1 Privilege Escalation 4 LOCAL Jared Arave
2017-10-10   DiskBoss Enterprise 8.4.16 - Local Buffer Overflow 2 LOCAL C4t0ps1s
2017-10-10   Microsoft Word 2007 (x86) - Information Disclosure 8 LOCAL Eduardo Braun Prado
2017-10-10   Dup Scout Enterprise 10.0.18 - 'Import Command' Buffer Overflow 2 LOCAL Touhid M.Shaikh
2017-10-10   DiskBoss Enterprise 8.4.16 - 'Import Command' Buffer Overflow 6 LOCAL Touhid M.Shaikh
2017-09-26   CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode) 10 LOCAL f3ci
2017-09-18   Netdecision 5.8.2 - Local Privilege Escalation 13 LOCAL Peter Baris

Web Applications

Date D   Description Plat. Author
2017-10-17   Webmin 1.850 SSRF / CSRF / Cross Site Scripting 2 WEB hyp3rlinx
2017-10-13   Tomcat JSP Upload Bypass Remote Code Execution 12 WEB peewpw
2017-10-12   Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execu 5 WEB Mehmet Ince
2017-10-10   ERS Data System 1.8.1 Java Deserialization 8 WEB West Shepherd
2017-10-10   Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass 14 WEB intx0x80
2017-10-10   ClipBucket 2.8.3 - Remote Code Execution 4 WEB Meisam Monsef
2017-10-10   FileRun < 2017.09.18 - SQL Injection 7 WEB SPARC
2017-09-28   Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation 8 WEB forsec
2017-09-26   FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures 6 WEB LiquidWorm
2017-09-26   FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Ex 4 WEB LiquidWorm

DoS/PoC

Date D   Description Plat. Author
2017-10-17   Micro Focus VisiBroker C++ 8.5 SP2 Memory Corruption 2 DOS Wolfgang Ettlinger
2017-10-16   Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers 1 DOS lokihardt
2017-10-16   Microsoft Edge Chakra JIT Failed RegexHelper::StringReplace Call 1 DOS lokihardt
2017-10-16   Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns 2 DOS lokihardt
2017-10-16   Opentext Documentum Content Server File Hijack / Privilege Escalation 1 DOS Andrey B. Panfilov
2017-10-16   Opentext Documentum Content Server Privilege Escalation 1 DOS Andrey B. Panfilov
2017-10-16   Opentext Documentum Content Server File Download 0 DOS Andrey B. Panfilov
2017-10-16   Opentext Documentum Content Server Privilege Escalation 1 DOS Andrey B. Panfilov
2017-10-11   IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit) 9 DOS Dhiraj Mishra
2017-10-10   PyroBatchFTP 3.17 - Buffer Overflow (SEH) 6 DOS Kevin McGuigan

Shellcode

Date D   Description Plat. Author
2017-10-16   Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) 3 SHELLCODE Manuel Mancera
2017-09-27   Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes) 5 SHELLCODE Touhid M.Shaikh
2017-09-11   Linux/ARM (Raspberry Pi) - Reverse TCP Shell (192.168.0.12:4444/TCP) Shellcode ( 7 SHELLCODE Andrea Sindoni
2017-09-11   Linux/ARM (Raspberry Pi) - Bind TCP Shell (4444/TCP) Shellcode (192 bytes) 1 SHELLCODE Andrea Sindoni
2017-09-01   Linux/x86 - Fork Bomb Shellcode (9 bytes) 7 SHELLCODE Touhid M.Shaikh
2017-08-22   Linux/x86_64 - Fork Bomb Shellcode (11 bytes) 10 SHELLCODE Touhid M.Shaikh
2017-08-22   Linux/x86_64 - kill All Processes Shellcode (19 bytes) 9 SHELLCODE Touhid M.Shaikh
2017-08-21   Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) 10 SHELLCODE Touhid M.Shaikh
2017-08-07   Linux x86 - /bin/sh Shellcode (24 bytes) 14 SHELLCODE Touhid M.Shaikh
2017-07-21   Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes) 16 SHELLCODE m4n3dw0lf

Papers

Date D   Description Plat. Author
2017-08-28   Abusing Token Privileges For LPE 19 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 65 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 141 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 116 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 253 PAPERS CWH Underground
2011-10-12   Reverse Shell Cheat Sheet 148 PAPERS pentestmonkey
2011-10-09   Beyond SQLi: Obfuscate and Bypass 135 PAPERS ZeQ3uL
2011-06-02   Local File Inclusion to Remote Command Execution using SSH 187 PAPERS LaNMaSteR53
2011-04-27   offsec官方渗透测试报告 506 PAPERS admin