Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2018-09-19   NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet) 10 REMOTE Jacob Baines
2018-09-18   CA Release Automation NiMi 6.5 - Remote Command Execution 9 REMOTE Jakub Palaczynski
2018-09-17   Apache Syncope 2.0.7 Remote Code Execution 23 REMOTE Che-Chun Kuo
2018-09-11   Easy File Sharing Web Server 6.9 Buffer Overflow 30 REMOTE Hodorsec
2018-09-10   Apache Struts 2 Namespace Redirect OGNL Injection 33 REMOTE wvu
2018-09-07   Ghostscript Failed Restore Command Execution 20 REMOTE wvu
2018-09-06   FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) 22 REMOTE Luis Martínez
2018-09-06   FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution 10 REMOTE vr_system
2018-08-29   Argus Surveillance DVR 4.0.0.0 Directory Traversal 26 REMOTE hyp3rlinx
2018-08-29   Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure 8 REMOTE BrianWGray

Local Exploits

Date D   Description Plat. Author
2018-09-18   Solaris libnspr NSPR_LOG_FILE Privilege Escalation 4 LOCAL Brendan Coles
2018-09-14   Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow 8 LOCAL ZwX
2018-09-14   Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH) 7 LOCAL Gionathan Reale
2018-09-14   Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH 2 LOCAL Gionathan Reale
2018-09-14   STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation 2 LOCAL Parvez Anwar
2018-09-13   InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH) 3 LOCAL Luis Martínez
2018-09-11   Any Sound Recorder 2.93 - Denial of Service (PoC) 6 LOCAL T3jv1l
2018-09-11   Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH) 4 LOCAL Shubham Singh
2018-09-11   Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection 11 LOCAL hyp3rlinx
2018-09-11   Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH) 5 LOCAL Shubham Singh

Web Applications

Date D   Description Plat. Author
2018-09-20   LG SuperSign EZ CMS 2.5 - Local File Inclusion 6 WEB Alejandro Fanjul
2018-09-17   Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit) 11 WEB Stephen Shkardoon
2018-09-13   LG Smart IP Camera 1508190 - Backup File Download 13 WEB Ege Balci
2018-09-13   CirCarLife SCADA 4.3.0 - Credential Disclosure 5 WEB SadFud
2018-09-13   Seagate Personal Cloud Information Disclosure 6 WEB Yorick Koster
2018-09-12   Tor Browser 7.x NoScript Bypass 7 WEB x0rz
2018-09-11   phpMyAdmin Credential Stealer 33 WEB Dhiraj Mishra
2018-09-11   LW-N605R 12.20.2.1486 - Remote Code Execution 7 WEB Nassim Asrir
2018-09-11   RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution 7 WEB Reigning Shells
2018-09-07   Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure) 10 WEB Marko Jokic

DoS/PoC

Date D   Description Plat. Author
2018-09-18   Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion 7 DOS lokihardt
2018-09-18   Microsoft Edge Chakra JIT localeCompare Type Confusion 6 DOS lokihardt
2018-09-18   Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) 6 DOS cakes
2018-09-18   Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (P 6 DOS Jose Eduardo Castro
2018-09-17   Notebook Pro 2.0 - Denial Of Service (PoC) 6 DOS Ali Alipour
2018-09-17   XAMPP Control Panel 3.2.2 - Denial of Service (PoC) 7 DOS Gionathan Reale
2018-09-17   Faleemi Plus 1.0.2 - Denial of Service (PoC) 4 DOS Gionathan Reale
2018-09-17   InfraRecorder 0.53 - '.txt' Denial of Service (PoC) 6 DOS Gionathan Reale
2018-09-17   CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC) 5 DOS Alan Joaquín Baeza Meza
2018-09-14   TeamViewer App 13.0.100.0 - Denial of Service (PoC) 6 DOS Ali Alipour

Shellcode

Date D   Description Plat. Author
2018-09-18   Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Byt 3 SHELLCODE Ken Kitahara
2018-09-17   Linux/x86 - echo "Hello World" + Random Bytewise XOR + Insertion Encoder Shellco 7 SHELLCODE Ray Doyle
2018-09-17   Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic She 4 SHELLCODE Ray Doyle
2018-09-17   Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes) 4 SHELLCODE Ray Doyle
2018-09-17   Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes) 6 SHELLCODE Ray Doyle
2018-09-05   Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode 11 SHELLCODE Ken Kitahara
2018-09-03   Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode 9 SHELLCODE Ken Kitahara
2018-08-30   Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes) 16 SHELLCODE n30m1nd
2018-08-30   Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes) 4 SHELLCODE Kevin Kirsche
2018-08-30   Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode 2 SHELLCODE Kevin Kirsche

Papers

Date D   Description Plat. Author
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 203 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 263 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 228 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 283 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 270 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 414 PAPERS CWH Underground
2011-10-12   Reverse Shell Cheat Sheet 283 PAPERS pentestmonkey
2011-10-09   Beyond SQLi: Obfuscate and Bypass 254 PAPERS ZeQ3uL
2011-06-02   Local File Inclusion to Remote Command Execution using SSH 362 PAPERS LaNMaSteR53
2011-04-27   offsec官方渗透测试报告 828 PAPERS admin