Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2018-12-17   Cisco RV110W Password Disclosure / Command Execution 26 REMOTE RySh
2018-12-14   Safari Proxy Object Type Confusion 17 REMOTE saelo
2018-12-10   FutureNet NXR-G240 Series ShellShock Command Injection 10 REMOTE Nassim Asrir
2018-12-05   OpenSSH < 7.7 - User Enumeration 40 REMOTE LeapSecurity
2018-12-04   HP Intelligent Management Java Deserialization Remote Code Execution 10 REMOTE Carsten MaartmannMoe
2018-12-04   NEC Univerge Sv9100 WebPro 6.00.00 Predictable Session ID / Cleartext Passwords 4 REMOTE hyp3rlinx
2018-12-04   CyberArk 9.7 - Memory Disclosure 1 REMOTE Thomas Zuk
2018-12-03   Apache Spark - Unauthenticated Command Execution (Metasploit) 19 REMOTE Green-m
2018-11-29   PHP imap_open Remote Code Execution 38 REMOTE h00die
2018-11-29   TeamCity Agent XML-RPC Command Execution 6 REMOTE Dylan Pindur

Local Exploits

Date D   Description Plat. Author
2018-12-19   Nsauditor 3.0.28.0 Buffer Overflow 0 LOCAL Achilles
2018-12-18   Windows Persistent Service Installer 2 LOCAL Green-m
2018-12-17   Zortam MP3 Media Studio 24.15 Local Buffer Overflow 1 LOCAL Manpreet Singh Kheberi
2018-12-14   Windows UAC Protection Bypass 10 LOCAL St0rn
2018-12-13   WebDAV Server Serving DLL 4 LOCAL James Cook
2018-12-12   Linux userfaultfd tmpfs File Permission Bypass 8 LOCAL jannh
2018-12-12   CyberLink LabelPrint 2.5 Stack Buffer Overflow 1 LOCAL modpr0be
2018-12-12   Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle 2 LOCAL jannh
2018-12-12   XNU POSIX Shared Memory Mapping Issue 0 LOCAL jannh
2018-12-05   Xorg X11 Server (AIX) - Local Privilege Escalation 8 LOCAL 0xdono

Web Applications

Date D   Description Plat. Author
2018-12-17   Huawei Router HG532e Command Execution 8 WEB Rebellion
2018-12-12   ThinkPHP 5.x Remote Code Execution 36 WEB VulnSpy
2018-12-12   WordPress Snap Creek Duplicator Code Injection 24 WEB Julien Legras
2018-12-12   PrestaShop 1.6.x / 1.7.x Remote Code Execution 10 WEB farisv
2018-12-10   i-doit CMDB 1.11.2 - Remote Code Execution 7 WEB AkkuS
2018-12-06   HasanMWB 1.0 SQL Injection 14 WEB Ihsan Sencan
2018-12-05   NUUO NVRMini2 3.9.1 - Authenticated Command Injection 13 WEB Artem Metla
2018-12-04   Apache Superset 0.23 - Remote Code Execution 19 WEB David May
2018-12-04   Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection 5 WEB Ihsan Sencan
2018-12-04   PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure 4 WEB ParagonSec

DoS/PoC

Date D   Description Plat. Author
2018-12-19   Microsoft Windows jscript!JsArrayFunctionHeapSort Out-Of-Bounds Write 0 DOS ifratric
2018-12-19   AnyBurn 4.3 Buffer Overflow / Denial Of Service 0 DOS Achilles
2018-12-19   Exel Password Recovery 8.2.0.0 Buffer Overflow / Denial Of Service 0 DOS Achilles
2018-12-19   MegaPing Buffer Overflow / Denial Of Service 0 DOS Achilles
2018-12-17   Angry IP Scanner 3.5.3 Denial Of Service 2 DOS Fernando Cruz
2018-12-17   UltraISO 9.7.1.3519 Output FileName Denial Of Service 2 DOS Francisco Ramirez
2018-12-12   SmartFTP Client 9.0.2623.0 Denial Of Service 4 DOS Alejandra Sanchez
2018-12-12   LanSpy 2.0.1.159 Buffer Overflow 2 DOS Gionathan Reale
2018-12-12   WebKit JIT Proxy Object Issue 3 DOS lokihardt
2018-12-10   MiniShare 1.4.1 HEAD / POST Buffer Overflow 4 DOS Rafael Pedrero

Shellcode

Date D   Description Plat. Author
2018-12-12   Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 2 SHELLCODE T3jv1l
2018-12-05   Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes) 7 SHELLCODE Kağan Çapar
2018-12-05   Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) 6 SHELLCODE Nelis
2018-11-14   Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shel 10 SHELLCODE Javier Tello
2018-11-01   Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator) 29 SHELLCODE Roziul Hasan Khan Shifat
2018-10-25   Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes 12 SHELLCODE Goutham Madhwaraj
2018-10-09   Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shel 16 SHELLCODE cq674350529
2018-10-09   Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 byt 11 SHELLCODE Kartik Durg
2018-10-08   Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 byes) 6 SHELLCODE Pedro Cabral
2018-09-27   Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 By 15 SHELLCODE Ken Kitahara

Papers

Date D   Description Plat. Author
2018-11-16   The Powerful Resource of PHP Stream Wrappers 11 PAPERS Netsparker
2018-11-01   Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam 12 PAPERS phrack
2018-10-09   A Red Teamer’s guide to pivoting 20 PAPERS Artem Kondratenko
2018-10-08   Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) 8 PAPERS phrack
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 219 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 317 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 271 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 305 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 281 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 441 PAPERS CWH Underground