
The Exploit Database


The Exploit Database (EDB) is an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one easy-to-navigate database.


Remote Exploits

Date D   Description Plat. Author
2017-08-21   Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass) 3 REMOTE Hans Jerry Illikainen
2017-08-02   Microsoft Windows LNK Shortcut File Code Execution 54 REMOTE Yorick Koster
2017-08-01   DiskBoss Enterprise 8.2.14 - Buffer Overflow 9 REMOTE Ahmad Mahfouz
2017-08-01   Jenkins < 1.650 - Java Deserialization 21 REMOTE Janusz Piechówka
2017-07-25   VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execu 11 REMOTE Brendan Coles
2017-07-25   IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit) 14 REMOTE h00die
2017-07-25   Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007) 22 REMOTE Mohamed Hamdy
2017-07-25   Easy Chat Server User Registeration Buffer Overflow (SEH) 5 REMOTE Marco Rivoli
2017-07-25   Metasploit RPC Console Command Execution 17 REMOTE Brendan Coles
2017-07-18   Belkin NetCam F7D7601 - Multiple Vulnerabilities 14 REMOTE Wadeek

Local Exploits

Date D   Description Plat. Author
2017-08-23   VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow 0 LOCAL Anurag Srivastava
2017-08-23   Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow 0 LOCAL Anurag Srivastava
2017-08-22   Windows Escalate UAC Protection Bypass (Via COM Handler Hijack) 3 LOCAL OJ Reeves
2017-08-22   VMware VDP Known SSH Key 2 LOCAL phroxvs
2017-08-22   IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution 3 LOCAL Brendan Coles
2017-08-22   Disk Pulse Enterprise 9.9.16 Buffer Overflow 3 LOCAL Anurag Srivastava
2017-08-22   Disk Sorter Enterprise 9.9.12 Buffer Overflow 3 LOCAL Anurag Srivastava
2017-08-22   Sync Breeze Enterprise 9.9.16 Buffer Overflow 2 LOCAL Anurag Srivastava
2017-08-22   Easy DVD Creator 2.5.11 Buffer Overflow 2 LOCAL Anurag Srivastava
2017-08-16   Internet Download Manager 6.28 Build 17 - Buffer Overflow (SEH Unicode) 5 LOCAL f3ci

Web Applications

Date D   Description Plat. Author
2017-08-11   DALIM SOFTWARE ES Core 5.0 Build 7184.1 User Enumeration 10 WEB LiquidWorm
2017-08-09   Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution 1 WEB Kacper Szurek
2017-08-02   Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload 8 WEB James Fitts
2017-08-02   Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Meta 3 WEB James Fitts
2017-07-31   GitHub Enterprise < 2.8.7 - Remote Code Execution 9 WEB orange
2017-07-27   WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cro 1 WEB Google Security Research
2017-07-25   ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit 6 WEB Kacper Szurek
2017-07-21   Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit) 16 WEB xort
2017-07-21   Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit 8 WEB xort
2017-07-21   Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit) 7 WEB xort

DoS/PoC

Date D   Description Plat. Author
2017-08-21   MessengerScan 1.05 - Local Buffer Overflow (PoC) 5 DOS Anurag Srivastava
2017-08-21   DSScan 1.0 - Local Buffer Overflow (PoC) 2 DOS Anurag Srivastava
2017-08-21   MyDoomScanner 1.00 - Local Buffer Overflow (PoC) 1 DOS Anurag Srivastava
2017-08-18   Microsoft Edge - Out-of-Bounds Access when Fetching Source 4 DOS Google Security Research
2017-08-18   Microsoft Edge Chakra - 'JavascriptArray::ConcatArgs' Type Confusion 3 DOS Google Security Research
2017-08-18   Microsoft Edge Chakra - 'EmitAssignment' uses the 'this' Register Without Initia 3 DOS Google Security Research
2017-08-18   Microsoft Edge Chakra - Heap Buffer Overflow 5 DOS Huang Anwen
2017-08-18   Microsoft Edge Chakra - NULL Pointer Dereference 4 DOS Huang Anwen
2017-08-18   Microsoft Edge Chakra - Buffer Overflow 3 DOS Huang Anwen
2017-08-18   Microsoft Edge Chakra - 'chakra!Js::GlobalObject' Integer overflow 4 DOS Huang Anwen

Shellcode

Date D   Description Plat. Author
2017-08-22   Linux/x86_64 - Fork Bomb Shellcode (11 bytes) 3 SHELLCODE Touhid M.Shaikh
2017-08-22   Linux/x86_64 - kill All Processes Shellcode (19 bytes) 1 SHELLCODE Touhid M.Shaikh
2017-08-21   Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) 1 SHELLCODE Touhid M.Shaikh
2017-08-07   Linux x86 - /bin/sh Shellcode (24 bytes) 5 SHELLCODE Touhid M.Shaikh
2017-07-21   Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes) 9 SHELLCODE m4n3dw0lf
2017-07-06   Linux/x86 - Reverse TCP Shellcode (67 bytes) 9 SHELLCODE Geyslan G. Bem
2017-06-27   Linux/x86 - Bind Shell Shellcode (75 bytes) 11 SHELLCODE wetw0rk
2017-06-22   Linux/x86 - Reverse UDP Shellcode (668 bytes) 18 SHELLCODE DONTON Fetenat C
2017-06-16   Linux/x86_64 - execve("/bin/sh") Shellcode (24 bytes) 19 SHELLCODE m4n3dw0lf
2017-06-16   Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes) 9 SHELLCODE nullparasite

Papers

Date D   Description Plat. Author
2017-01-12   OpenSSL - Weak KDF 56 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 138 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 112 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 242 PAPERS CWH Underground
2011-10-12   Reverse Shell Cheat Sheet 145 PAPERS pentestmonkey
2011-10-09   Beyond SQLi: Obfuscate and Bypass 125 PAPERS ZeQ3uL
2011-06-02   Local File Inclusion to Remote Command Execution using SSH 179 PAPERS LaNMaSteR53
2011-04-27   Offsec Official Penetration Test Report 475 PAPERS admin