Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2018-04-19   Easy File Sharing Web Server 7.2 - Stack Buffer Overflow 19 REMOTE rebeyond
2018-04-19   Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Meta 7 REMOTE José Ignacio Rojo
2018-04-13   F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure 25 REMOTE 0x00string
2018-04-08   Adobe Flash 28.0.0.137 Remote Code Execution 44 REMOTE SyFi
2018-04-04   Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection 24 REMOTE Talos
2018-04-03   Nginx 1.13.10 Accept-Encoding Line Feed Injection 71 REMOTE Keiliikoa Kirland
2018-04-02   Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Bu 20 REMOTE Chris Lyne
2018-03-30   ManageEngine Application Manager Remote Code Execution 35 REMOTE Mehmet Ince
2018-03-30   Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit) 23 REMOTE Daniel Teixeira
2018-03-30   GitStack - Unsanitized Argument Remote Code Execution (Metasploit) 18 REMOTE Jacob Robles

Local Exploits

Date D   Description Plat. Author
2018-04-19   AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution 4 LOCAL Securifera
2018-04-19   Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service 3 LOCAL Sahil Tikoo
2018-04-19   Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service 2 LOCAL Sahil Tikoo
2018-04-19   CloudMe Sync 1.11.0 Local Buffer Overflow 2 LOCAL Prasenjit Kanti Paul
2018-04-19   Zortam MP3 Media Studio 23.45 Buffer Overflow 2 LOCAL Kevin McGuigan
2018-04-19   Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privile 3 LOCAL xiaodaozhi
2018-04-19   Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017) 5 LOCAL xiaodaozhi
2018-04-19   Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039) 5 LOCAL xiaodaozhi
2018-04-16   GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation 5 LOCAL Pirhack
2018-04-12   SysGauge Pro 4.6.12 Local Buffer Overflow 5 LOCAL Hashim Jawad

Web Applications

Date D   Description Plat. Author
2018-04-19   Lutron Quantum 2.0 - 3.2.243 - Information Disclosure 5 WEB SadFud
2018-04-16   MikroTik 6.41.4 - FTP daemon Denial of Service PoC 3 WEB FarazPajohan
2018-04-16   Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execut 12 WEB Hans Topo
2018-04-16   Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execut 7 WEB Vitalii Rudnykh
2018-04-10   CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Executi 11 WEB RedTeam Pentesting
2018-04-04   ProcessMaker Plugin Code Execution 22 WEB Brendan Coles
2018-04-04   DuckDuckGo 4.2.0 WebRTC Private IP Leakage 19 WEB Brendan Coles
2018-04-02   Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) 29 WEB Touhid M.Shaikh
2018-04-02   osCommerce 2.3.4.1 - Remote Code Execution 20 WEB Simon Scannell
2018-04-02   Homematic CCU2 2.29.23 - Remote Command Execution 21 WEB Gregor Kopf

DoS/PoC

Date D   Description Plat. Author
2018-04-19   VX Search 10.6.18 - 'directory' Local Buffer Overflow 2 DOS Kevin McGuigan
2018-04-19   Facebook Graph Groups Crosswalk User Metadata Mapping Weakness 1 DOS Todor Donev
2018-04-19   Facebook Graph Phone Number Metadata Crosswalk Mapping Proof Of Concept 1 DOS Todor Donev
2018-04-19   Facebook Graph Metadata Crosswalk Mapping Proof Of Concept 1 DOS Todor Donev
2018-04-17   Barco ClickShare CSE-200 - Remote Denial of Service 4 DOS Florian Hauser
2018-04-11   Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Conf 6 DOS Google Security Research
2018-04-10   CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure 6 DOS RedTeam Pentesting
2018-04-08   Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods 10 DOS Google Security Research
2018-04-04   Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2) 18 DOS Google Security Research
2018-04-04   Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) 19 DOS Google Security Research

Shellcode

Date D   Description Plat. Author
2018-04-12   Linux/x64 - x64 Assembly Shellcode (Generator) 11 SHELLCODE 0x4ndr3
2018-03-26   Linux/x86 - EggHunter Shellcode (11 Bytes) 24 SHELLCODE Anurag Srivastava
2018-03-21   Linux/x86 - execve(/bin/sh) Shellcode (18 bytes) 29 SHELLCODE Anurag Srivastava
2018-02-26   Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) 68 SHELLCODE rtmcx
2018-02-05   Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode 69 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Genera 64 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode 66 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes) 59 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567 68 SHELLCODE 0x4ndr3
2018-02-05   Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode ( 73 SHELLCODE 0x4ndr3

Papers

Date D   Description Plat. Author
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 109 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 154 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 146 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 221 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 234 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 348 PAPERS CWH Underground
2011-10-12   Reverse Shell Cheat Sheet 238 PAPERS pentestmonkey
2011-10-09   Beyond SQLi: Obfuscate and Bypass 205 PAPERS ZeQ3uL
2011-06-02   Local File Inclusion to Remote Command Execution using SSH 306 PAPERS LaNMaSteR53
2011-04-27   offsec官方渗透测试报告 683 PAPERS admin