
The Exploit Database
The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.
Remote Exploits
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2020-09-18 |
![]() |
Microsoft SQL Server Reporting Services 2016 - Remote Code Execution | 585 | REMOTE | WEST SHEPHERD |
2020-08-05 |
![]() |
CompleteFTP Professional 12.1.3 - Remote Code Execution | 339 | REMOTE | 1F98D |
2020-07-06 |
![]() |
vCloud Director 9.7.0.15498291 - Remote Code Execution | 207 | REMOTE | AARONSVK |
2020-06-10 |
![]() |
Microsoft Windows - 'SMBGhost' Remote Code Execution | 456 | REMOTE | chompie1337 |
2020-06-10 |
![]() |
vCloud Director 9.7.0.15498291 - Remote Code Execution | 121 | REMOTE | aaronsvk |
2020-02-25 |
![]() |
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metaspl | 691 | REMOTE | Matthew Aberegg |
2018-12-29 |
![]() |
Hashicorp Consul Rexec Remote Command Execution | 1426 | REMOTE | Quentin Kaiser |
2018-12-29 |
![]() |
Hashicorp Consul Services API Remote Command Execution | 324 | REMOTE | Quentin Kaiser |
2018-12-25 |
![]() |
Kubernetes - (Authenticated) Arbitrary Requests | 202 | REMOTE | evict |
2018-12-25 |
![]() |
Kubernetes - (Unauthenticated) Arbitrary Requests | 185 | REMOTE | evict |
Local Exploits
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2020-01-22 |
![]() |
NEOWISE CARBONFTP 1.4 - Weak Password Encryption | 303 | LOCAL | hyp3rlinx |
2020-01-20 |
![]() |
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit) | 106 | LOCAL | bcoles |
2019-01-03 |
![]() |
Ayukov NFTP FTP Client 2.0 Buffer Overflow | 732 | LOCAL | Uday Mittal |
2018-12-28 |
![]() |
Terminal Services Manager 3.1 Local Buffer Overflow | 157 | LOCAL | bzyo |
2018-12-28 |
![]() |
Iperius Backup 5.8.1 Buffer Overflow | 122 | LOCAL | bzyo |
2018-12-28 |
![]() |
MAGIX Music Editor 3.1 Buffer Overflow | 108 | LOCAL | bzyo |
2018-12-25 |
![]() |
Keybase keybase-redirector - '$PATH' Local Privilege Escalation | 163 | LOCAL | mirchr |
2018-12-24 |
![]() |
ATool 1.0.0.22 Buffer Overflow | 162 | LOCAL | Aloyce J. Makalanga |
2018-12-24 |
![]() |
AnyBurn 4.3 Local Buffer Overflow | 97 | LOCAL | Matteo Malvica |
2018-12-24 |
![]() |
GIGABYTE Driver Privilege Escalation | 161 | LOCAL | SecureAuth |
Web Applications
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2020-01-22 | ![]() |
Centreon 19.04 - Authenticated Remote Code Execution (Metasploit) | 426 | WEB | TheCyberGeek |
2019-01-04 | ![]() |
Apache CouchDB 2.3.0 Cross Site Request Forgery | 826 | WEB | Ozer Goker |
2019-01-03 | ![]() |
Vtiger CRM 7.1.0 Remote Code Execution | 375 | WEB | Ozkan Mustafa Akkus |
2018-12-25 | ![]() |
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read | 830 | WEB | VulnSpy |
2018-12-17 | ![]() |
Huawei Router HG532e Command Execution | 397 | WEB | Rebellion |
2018-12-12 | ![]() |
ThinkPHP 5.x Remote Code Execution | 1053 | WEB | VulnSpy |
2018-12-12 | ![]() |
WordPress Snap Creek Duplicator Code Injection | 380 | WEB | Julien Legras |
2018-12-12 | ![]() |
PrestaShop 1.6.x / 1.7.x Remote Code Execution | 217 | WEB | farisv |
2018-12-10 | ![]() |
i-doit CMDB 1.11.2 - Remote Code Execution | 176 | WEB | AkkuS |
2018-12-06 | ![]() |
HasanMWB 1.0 SQL Injection | 241 | WEB | Ihsan Sencan |
DoS/PoC
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2020-01-22 | ![]() |
Sysax Multi Server 5.50 - Denial of Service (PoC) | 213 | DOS | Shailesh Kumavat |
2019-01-03 | ![]() |
EZ CD Audio Converter 8.0.7 Denial Of Service | 268 | DOS | Achilles |
2019-01-03 | ![]() |
NetworkSleuth 3.0.0.0 Denial Of Service | 179 | DOS | Luis Martinez |
2019-01-03 | ![]() |
NBMonitor Network Bandwidth Monitor 1.6.5.0 Denial Of Service | 197 | DOS | Luis Martinez |
2018-12-29 | ![]() |
WebKit JSC AbstractValue::set Use-After-Free | 136 | DOS | lokihardt |
2018-12-29 | ![]() |
WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write | 127 | DOS | lokihardt |
2018-12-28 | ![]() |
Armitage 1.14.11 Denial Of Service | 96 | DOS | Mr Winst0n |
2018-12-28 | ![]() |
NetShareWatcher 1.5.8 Denial Of Service | 88 | DOS | T3jv1l |
2018-12-28 | ![]() |
ShareAlarmPro 2.1.4 Denial Of Service | 97 | DOS | T3jv1l |
2018-12-28 | ![]() |
Product Key Explorer 4.0.9 Denial Of Service | 119 | DOS | T3jv1l |
Shellcode
Papers
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2018-11-16 | ![]() |
The Powerful Resource of PHP Stream Wrappers | 273 | PAPERS | Netsparker |
2018-11-01 | ![]() |
Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam | 162 | PAPERS | phrack |
2018-10-09 | ![]() |
A Red Teamer’s guide to pivoting | 136 | PAPERS | Artem Kondratenko |
2018-10-08 | ![]() |
Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) | 119 | PAPERS | phrack |
2018-01-15 | ![]() |
Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata | 915 | PAPERS | phrack |
2017-08-28 | ![]() |
Abusing Token Privileges For LPE | 614 | PAPERS | drone and breenmachine |
2017-01-12 | ![]() |
OpenSSL - Weak KDF | 700 | PAPERS | anonymous |
2014-08-27 | ![]() |
SSDP Amplification Scanner | 462 | PAPERS | SaMaN |
2014-06-26 | ![]() |
[Hacking-Contest] SSH Server wrapper | 427 | PAPERS | Jakob Lell |
2012-03-20 | ![]() |
Full MSSQL Injection PWNage | 627 | PAPERS | CWH Underground |